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ABSTRACT 

This book is an introductory course in mathematical logic covering 
basic topics in quantification theory and recursive function theory, and is 
intended for the reader who is interested in artificial intelligence, computer 
linguistics, and other related areas. The text is theoretical, but organized 
with implementation in mind. Toward the end there are a few experimental 
subjects aiming toward systems that can examine their own behavior, and 
toward the semantics of programming languages. The arithmetization of 
metamathematics is carried out in LISP rather than in the natural numbers, 
following an axiomatic treatment of LISP. 
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[Dhar Lho said], "Logic is the most important science of all learning. 
If one knows logic, all other studies become secondary. Therefore, I shall 
first discuss logic with you. Generally speaking, logic is the study of judge- 
ment and definitions, of which the most important subjects are the studies of 
direct experience, of inference and deduction, of 'sufficient reasoning' and 
•false reasoning', of 'non-decisive proofs', and of the patterns for construct- 
ing propositions. Now, tell me about all these things! " 

[Milarepa replied . . , j, "What I understand is that all manifestations 
[consist in] Mind, and Mind is the IUuminatdng-VQidnfiss without any shadow 
or impediment. Of this truth I have a decisive understanding; therefore not 
a single trace of inference or deduction can be found in my mind. If you 
want me to give some examples of 'false-reasoning', your own knowledge is 
a good one because it is against the Dharma; and since this 'false reasoning' 
only enhances your cravings and makes them 'sufficient', it is a good example 
of 'sufficient reasoning'. Your hypocritical and pretentious priestly manner 
contains the elements of both 'false' and 'sufficient' reasoning, which in turn 
stand as a good example of 'non-decisive proof." 

-The Hundred Thousand Songs of Milarepa- 
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PREFACE 

I would like to discuss first the contents of this book, and then the 
attitudes behind it. 

The first two chapters are about LISP. In Chapter One, s- expres- 
sions are introduced as a data space, and ihe basic functions of s -expressions 
are presented. In Chapter Two, recursive procedures are explained, and 
the recursive functions of s- express ions are ^iejined as those for which sweh 
procedures can be written. There is a discussion of why these appear to 
include all effectively computable functtons (Turing^s and.Church's theses). 

Chapters Three and Four are about proposition*! logic. Chapter 
Three introduces the notion of a deduction from given premises leading to a 
conclusion, and establishes the fact that deductions are mechanical procedures 
that can be checked for correctness by a computer program. Chapter Four 
considers theories in propositional logic andjmodels fbrpropositional logic, 
and contains consistency and completeness theorems. Attai this is a dress 
rehearsal for first order logic, where the same themes will be repeated in a 
richer setting. 

Chapter Five is a brief interruption of the development of deductive 
systems to discuss the concepts "recursive" and ^recursively enumerable", 
and to demonstrate the existence of undecidable questions such as Turing' s 
halting problem. 

The central portion of the book is about first order quantification 
theory, specifically first order languages with function and predicate names. 
Chapter Six introduces first order languages, first order models, and the 
semantic notion of satisfiability. Chapter Seven defines deduction, proves it 
to be semantically consistent, and presents a number of standard proofs 
theoretic results, including the deduction theorem, replacement of equivalents, 
change of bound variables and the choice rule. Chapter Eight contains the 



completeness theorem for first order logic in several different forms, 
together with related results such as compactness and the Skolem-LBwenheim 
theorem. Chapter Nine is a bundle of loose ends, which includes the 
extension of first order theories by means of conservative definitions, decida- 
bility, and comparisons with other deductive systems, namely Robinson's 
resolution, and Gentzen-type systems. 

The next topic is the theory of arithmetic, which is the arithmetic of 
the s-expressions. The arithmetic of the natural numbers is treated as a 
special case of this. The theory is presented informally in Chapter Ten, and 
as a formal first order theory in Chapter Eleven. In both cases, there is an 
emphasis on the strong analogy between Peano's postulates for the natural 
numbers, and the corresponding postulates for s-expressions. 

Chapter Twelve is concerned with the representation of recursive 
functions in the first order theory, which is then used to prove the incom- 
pleteness of arithmetic in three different ways: The first way is by construc- 
ting the LISP analogue of Gtidel's undecidable sentence. The machinery to do 
this comes naturally, because it is none other than an updated version of the 
proof-checker discussed in Chapter Three. Representing formulas and 
deductions by s-expressions is not nearly so strange or impractical as repre- 
senting them by GBdel numbers. The second method of proving the incom- 
pleteness of arithmetic is by representing computation (as distinct from 
deduction) in the deductive system, and mapping the halting problem into first 
order arithmetic. The third method uses an "information theoretic com- 
plexity" approach due to Chaitin. The argument advanced here is that these 
incompleteness results are not irrelevant theoretical considerations, but 
rather that they illustrate the richness of arithmetic, and introduce new (meta) 
ways of reasoning. 

This idea is followed up in Chapter Thirteen, which presents a formal 
axiomatic "metamathematics" which can be used to reason about formal 
arithmetic, and to produce proofs of the existence of proofs which are 
generally much shorter than the original proofs. There is a hierarchy of 
metamathematical levels, in that one can prove that there is a proof that there 
is a proof of some formula. This technique also enables one to prove the 
validity of theorem schemas and derived rules of inference. 
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Chapter Fourteen is about the recursion theorem, and its usefulness 
for representing partial recursive functions in first order arithmetic. This 
chapter is useful as background for studying current research in the seman- 
tics of programming languages. 

Chapter Fifteen contains some concluding remarks about second order- 
arithmetic and axiomatic set theory. , 

* * * 

Once upon a time, it was believed that the problem of getting a machine 
to behave intelligently would be solved by starting with a small kernel of 
intelligence capable of teaming, reasoning* and organising itself as it grew. 
There were several variants of this idea, and some of them assigned an 
important role to a "proof procedure" that could create demonstrations of 
logical propositions. 

This approach is now considered naive and simplistic. As researchers 
have immersed themselves in the task of simulating detailed aspects of human 
speech and perception, there has been a growing appreciation of the complex- 
ity and subtlety of these acts, and the large amount erf detailed knowledge that 
seems to underlie the phenomenon of intelligence. Artificial intelligence 
research is now detailed and nitty-gritty rather than vague and general. How 
do light and shadow allow us to find the edges of a block? How does the pre- 
formed concept of a block allow us to infer one from some edges? How do 
we determine the antecedent of a personal pronoun? 

Artificial intelligence is also becoming a more structured discipline, 
not as a universal mathematical theory, but as an epistemological and 
psychological theory. One of the main developments of the last few years is 
the recognition of knowledge as being procedural rather thaa merely factual. 
Knowledge is not a body of facts but, rattier, what one does with one's facts 
and situations. Such a study cannot help but run into the problem of intention- 
al ity. It is no accident that phenomenology, gestalt psychology, and the 
developmental epistemology of Piaget are now seen by many workers as 
relevant to artificial intelligence research. 

The logistic approach to artificial intelligence is severely and, in my 
opinion, correctly criticized in Marvin Minaky's Currently unpublished 
"Frames" paper. Almost all of the criticisms are related to the fact that 



logical deduction isolates the factual information or axioms from the methods 
of reasoning or rules of inference, (i) This separation forces one to repre- 
sent knowledge about the world as a large body of independent statements. 
Without a structure governing their relations, there is no way of selecting the 
relevant facts from among all the possible ones, and so attempts at deduction 
run into a combinatory explosiveness. (ii) Many "facts" are true only when 
used in a reasonable way. Minsky uses the example of "nearness" which is 
transitive in the sense that if A is near B, and B is near C, then A is near C. 
This bit of reasoning works as long as it is not carried too far. In principle, 
one can always make a more precise formulation of any axiom by adding more 
parameters. But this seems to be unrealistic and, in any case, people do 
not make use of deduction beyond the point of common sense, (iii) Deduction 
is monotonic in the sense that adding new axioms allows one to make new 
inferences, but does not prevent one from making any of the old ones. If a 
general rule turns out to have exceptions not foreseen at the time it was 
postulated, there is little one can do except change the original rule, and 
recheck everything one has done so far for correctness. The rules of logic 
do not permit one to make restrictions concerning the inappropriateness of 
certain deductions. (iv) Consistency and completeness do not appear to be 
desirable properties of a practical system of reasoning because there is no 
way to organize a body of real knowledge that is either consistent or complete, 
hot- example, human reasoning appears to make use of some of the principles 
of set theory, but has no specific safeguard that prevents the paradoxes of 
naive set theory. If someone is informed of Russell's paradox, he may either 
develop a critique of it or simply ignore it and go about his business. But in 
no case will the existence of the paradox interfere with his reasoning about 
ordinary situations. 



Minsky writes "I regard the recent demonstration of the consistency of 
modern set theory, thus, as indicating that set theory is probably inadequate 
for our purposes—not as reassurance that set theory is safe to use! " 
Minsky is referring to the work of Yessenin-Volpin, who curiously enough is 
saying much the same thing. Following a famous result of Godel, the con- 
sistency of ZF (axiomatic set theory) cannot follow from any argument that 
can be formalized within ZF itself. Since ZF is intended to incorporate all 
the set theoretic principles that mathematicians need to do their work, this 



The question, then, is why study mathematical logic at all and, in 
particular, why should there be a book organized as if the most important 
task to be done is to create an automated proof-checker capable of axiomatiz- 
ing systems of knowledge of almost any kind? (A proof-checker, as distinct 
from a proof-procedure, doesn't have the smarts to create a proof. It 
merely forces the intelligent human or other proof- generator to be completely 
precise, and perhaps it fills in the gaps in the proofs if they are not too 
difficult. ) I think that the answer to this question is not that such a project 
ought to be undertaken, but that the presumption involved is contained within 
logic itself, and goes back at least as far as Descartes, if not Aristotle. 

The logistic method is an attempt to grab a hold on the world by 
reducing it to premises, inferences and conclusions. This is not always a 
healthy way of relating to the world. I think that part of Dhar Lho's error 
was in not seeing this. Formal logic is the necessary consequence of informal 
logic, and automated logic is the necessary consequence of formal logic. The 
nature of the fruit is in the seed, and the mature fruit tells us something about 
the seed, as well as vice versa. 

Formal mathematical logic can be viewed as a structure, interesting 
in itself. But there is always a motive for one's choice of structures to 
develop. In the case of first order logical theories, this motive is the notion 
that, at least in principle, entire areas of mathematics can be formalized 
axiomatically in first order logic, and their theorems proven within it. 
Carrying this one step further, there is the ambition to axiomatize "real" 
situations in the same way. 

It is for this reason that the later chapters of this book are aimed in 
the direction of a large and unsolved problem which the professional logicians 
have not been overly interested in solving. How can a deductive system 
incorporate within itself those metamathematical processes which are 



has discouraged logicians from expecting to be able to prove the consistency 
of ZF. But Yessenin-Volpin writes that ZF is "not so expressive as is 
commonly believed". His consistency proof (which is too new and unusual 
for there to be any adequate professional evaluation at this time) uses tech- 
niques that are startling to mathematicians, but possibly relevant to Minsky's 
discussion, which he calls "tactics of attention", and which relate the deduc- 
tive process to questions of modality and intention. 



necessary to the work of a real mathematician, and do so in such a manner 
that new mathematical tools are proven to be valid before they are used? If 
mathematical logic does not investigate this problem soon, it will have failed 
to mature its most important concept, which is the applicability of the axio- 
matic method. 

In stressing this point, I am guilty of some confusions and inaccurac- 
ies which will be evident to any trained mathematical logician. Questions of 
foundations have been obscured by using axioms and definitions that are too 
strong. The distinction between finitary and set theoretic reasoning, and the 
historic context that makes this distinction important have not been made 
clear enough. My decision to allow definitions into theories has converted 
them into temporal or developmental entities, which is not as neat as the 
standard treatment of theories, although it is more practical and realistic. 
Some of the proofs of theorems are a bit sketchy and occasionally non-existent. 
This is especially true if the theorem asserts that there is an effective pro- 
cedure that does such and such. The book is written for people with compu- 
tational experience to whom such things are self-evident. On the whole, I 
think that this book is a useful introduction to logic from one point of view. 
The student who then wishes to continue his study of mathematical logic will 
have little difficulty in making the transition to the more standard presentation. 

* * * 

In some sense, then, this book is not about what its contents appear to 
be. The reader will have to form his own opinion concerning the relevance 
of logic to artificial intelligence or any other endeavor. If he is interested, 
this book will lead him through a maze of particulars and details, and will 
suggest some ways in which to organize this experience. Because logic is so 
abstract, it generally turns out that anything which is a real problem in logic 
will present itself elsewhere in some other form. You will have to ask your- 
self what is the relation between quantification, and space and time, or what 
is the relation between the deduction theorem, and modalities of speech such 
as the subjunctive, or whatever else it is that you notice while studying logic. 
Good luck! 
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PREREQUISITES 

It is assumed that the reader has a background and interest in 
computer programming, and that he has mathematical aptitude. The text 
assumes no specific mathematical knowledge other than those fundamental 
concepts basic to all of theoretical mathematics, but some mathematical 
sophistication is expected. 

LISP is used extensively, and it will help to have programmed in LISP. 
But this is not essential because LISP is developed in the first two chapters. 
There is some reference to common programming ideas such as ALGOL, 
call by value and name, procedures, etc. 

The mathematical prerequisites can all be found in {Halmos]. They 
include: 

Sets, subsets, membership, union, intersection, complement, 
power set. 

Function, domain, range, argument, value. 

Cardinality, finite, infinite, countable, uncountable, diagonalization. 

Equality, equivalence relation, partition, fcoset. 

Mathematical induction. 

Partial ordering, linear ordering, upper and lower bound, greatest 
upper bound, and greatest tower bound. 

Some familiarity with symbolic logic will be useful, but not essential. 
References to other mathematical subjects such as analysis, topology or 
ordinal numbers are mainly used as illustrations that may be skipped over. 



When a reference is made in square brackets, ^e Complete citation can be 
found in the bibliography, listed alphatoe*tea*ly bgettofhft^ff^fiame. 
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CHAPTER ONE 
SYMBOLIC EXPRESSIONS 



Preview of Chapters One and Two 

Chapter One introduces the basic data of LISP which are called 
s -expressions, and a set of basic functions^ ; s-e^xgr^sipns frpm which one 
may construct many other LISP functions. Chapter Twq introduces a simple 
language, recursive in nature, in which one can. describe precisely how to 
compute a complicated function from the basic functions. It |s important to 
learn this material thoroughly before proceeding further in this book because 
LISP will be used in relation to all the subsequent topics of discussion, and 
because, as we shall see later, LISP itself is the subject of a theory which is 
as elegant and simple in its postulates as is, i number theory, 

Pedagogically, it makes sense to ha,ye some practical experience with 
a subject before attempting a theory about Jt. For example^, numbers and 
the use of numbers are taught in elementary school, while number theory is 
typically a college level subject. Therefore, it is important to make use of 
these two chapters and their exercises to apqyir a sonje basic skill with 
s- expressions. 

If you are already a LISP programmer, ^st skim through the two 
chapters and note that some of the definitions used here differ from the pro- 
gramming system you are used to, and that many parts of the language have 
been omitted. 

§1.1- S-expressions 

The basic units from which s-expreasions are built are called atoms. 
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We shall define atoms, and then show how to build larger s- expressions from 
these. Atoms are of two kinds: names and numbers. 

A name is any sequence of one or more capital letters and digits which 
begins with a capital letter. 

A positive number is any sequence of one or more digits that does not 
begin with 0. 

Zero (0) is also a number. 

The positive numbers tog^er with b are called natural numbers. 
While we could define many other kinds of numbers, in this book we shall 
always" mean natural number when we' say nuoiber unless we specify other- 
wise. There* ore: '"'"''""• '■ , -' !no ' ! nc,i - ! -'*-■■ :•■■• ■■>.■ >uj,:u> ■ .-. ■;■ 

A number is a positive number or zero. 

There are many types of entities which can be ah^Sre considered 

atoms in various LI&lP systems. Once again' we shall rewri^oarseives to 

the minimal sfrucftyre required by'tee's^j^^altlW-oi'My %*>©fc. " Tnere- 
fore: "" "'' '"'' ' -■•■•-■'-•■ ■». -> <..;••- >■■-.. .: . -. • *..,. ■,.■..■. 

An atom is either a name or a number. 

Examples of atoms: 

A ABQ3 

RfiDBOX SAM 

6 AQ34500J7 

CAMf^HOQE 

We now proceed to s -expressions which ! ~are ; the main subject bf this 
chapter. An s -expression is a tree-like structure created entirely from 
atoms placed in a particular arrangement. Parentheses, dots, and the 
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spaces used to separate one atom from another are used to specify this 
arrangement. 

An s -expression is either an atom or else it is a structure having the 
form (a . /3) where both a and are s-expressions. 

This is an example of an inductive definition. From it, we can infer 
that A is an s-expression because A is an atom. Similarly, B is an s-expres- 
sion. Therefore (A . B) is an s-expression. Applying the definition again, 
since (A . B) and C are s-expressions, ((A . B) . C) is also an s-expression. 

Examples of s-expressions: 

A XYZ 

(A . XYZ) ((A . XYZ) . A) 

(A . (XYZ . A)) (Al . (A2 . (A3 . NIL))) 

((Al . A2) . (Bl . B2)) ((A . A) . (A . A)) 

Since we shall frequently make use of this kind of definition, it merits 
some discussion. It is a common practice among mathematicians to limit 
such a definition by' adding: "... and nothing else is an s-expression". We 
shall always assume this to be the case. 

It is possible to conclude from the definition that all s-expressions 
have the same number of left and right parentheses. This is because (a) all 
atoms have the same number of left and right parentheses, namely none, and 
(b) any other s-expression has the form (a . /3) where a and are s-expres- 
sions. If this proposition is true for a and fi, then it is certainly true for 
(a . ft) which adds one more parenthesis of each type. It is also evident that 
each left parenthesis is paired with a unique right parenthesis, namely the 
first right parenthesis encountered by making a left to right scan starting at 
the given left parenthesis such that all the intervening parentheses are paired. 

Notice that both (A . (B . C)) and ((A . B) . C) are s-expressions, and 
that they are considered to be different s-expressions. The mathematical 
principle which asserts that algebraically X+ (Y + Z) is the same as (X+ Y)+ Z 
is called associativity. The composition of s-expressions is not associative. 
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One more comment, this time on the use .of Greek letters. A Greek 
letter is never part of any s-expression, or %r ; that m^tt?r any oither type of 
entity constructed anywhere in this book. It is purely an explanatory device, 
as in the previous definition where we ^a^,"^et jpt.an^| ;.,be any s-expressions". 



Problem Set 1 



1. Which of the following are s- expressions? 

a. ABC b. 35A 

c. (A . B) d. (A . B)) 

e. (A . B . G) f. ((A . B) . C) 
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2. How many different s-expressions are there that use the atom "A 
exactly n times and contain no other atoms? ( Call Ihis function *{n). Don't 
try to find an algebraic formula fer ir(n) which may not exist, but learn how 
to compute ir(n) when you know the values of ffor all numbers less than n. ) 

The examples of s-expressions which nave just been given are all 
written in what we call dot notation . There is another '' shorthand" notation 
for writing s-expressions called list notati on. It is more convenient and is 
more generally used. Hbwev^r, we are noi introducing any new s-expres- 
sions. Every s-expression can be written using only do* notation^ but many 
s-expressions are much easier to write in list notation^ Some s-expressions 
cannot be written in list notation. 

Although list notation i is most commonly used, dot notation is 
considered more basic. TheoTe^alproperties of s-expressions are 
resolved by referring to dot notation. ^f ~r , 

In the list notation, a special status is given the atom NIL as the 
terminator of lists. A l&t is an expression having the form (a, a„ ... a ) 
where each or. is an s-expression. m other words, a list is just several 
s-expressions enclosed between a set of parentheses, with spaces between 
them. This list is the same s-expression as (<*' . (a. . t. ". . (a NIL) 
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Some examples of lists (left column) and the equivalent in dot notation 
(right column): 






NIL 


(A) 


(A . NIL) 


(A B C) 


(A . (B . (C . NIL))) 


((A)) 


((A . NIL) . NIL) 


((A B) (XYZ) (U V)) 


((A . (B . NIL)) . ((XYZ . NIL 
. ((U . (V . NIL)) . NIL))) 


((A) ((A))) 


((A .NIL) . (((A . NIL) . NIL) 
. NIL)) 



Some s- expressions cannot be represented without dots, for example 
(A . B). Mixed notation may also be encountered such as ((A . B) (C . D)). 
In this case, there is a list at the top level, and dots at a lower level. This 
is the same s- expression as ((A . B) . ((C . D) . NIL)). In general, we 
avoid creating s- expressions that require dots, but it is well to keep in mind 
that the dot notation is the simplest way of explaining the underlying theory of 
s-expressions. 

Problem Set 2 

1. Write each of these s-expressions using only dot notation. 

a. A b. (A B) 

c. (1 (2) ((3))) d. () 

e. (A (B ((C)))) f. ((A) 2) 

2. Write each of these s-expressions without dots if possible. 

a. ((A . NIL) . ((B . NIL) . NIL)) 

b. ((A . NIL) . (B . NIL)) 

c. (A . (B . (C . NIL))) 

d. (NIL . NIL) 

e. ((APPLE . (PIE . NIL)) . ((CHEESE . NIL) . NIL)) 

f. ((X. NIL). ((NIL. Y) . NIL)) 
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§1.2 Basic Functions of S-expressions 

We are now going to consider a small number of very basic operations 
that one can perform on s- expressions. These operations are the foundation- 
of all subsequent processing of s -expressions in much the same way that 
counting up and down is the foundation for all of ariiiimetic. As you probably 
know, counting is even more basic than adding and multiplying when we 
analyse operations from the mechanical viewpoint. 

Because we are using a mathematical approach, we describe these 
operations as being functions . The first function to be discussed is called 
cons . 

The function cons is used to construct bigger s- expressions out of 
s mall er ones . It takes two s -expressions and puts m left parenthesis before 
the first one, a LI&F dot between them, and a right parenthesis after the 
second one. For example, cons of A and - ; B : i» (A •'. "'Bfc' Also, cons of 
(A . B) and (X . Y) is {(A . B) . (X . Y)h 

We need a reasonable way of writing these assertions other than in 
English. So we use a notation that looks like tfcis: 

cons[A,B] « (A . B^ 

consf(A . B).<X . Y)] = «A . B) (X . Y)) 

We have said that cons is a function. In toe first line above, A and B 
are arguments of the function cons, and (A . B) is the value of cons associated 
with these two arguments. It is a common mathematical and scientific nota- 
tion to write a function followed by a list of its arguments enclosed within 
parentheses. The arguments, if there are more man one, are separated 
from each other by commas. This is exactly what we have done here except 
that we use square brackets instead of parentheses. The reason for this is 
that when the arguments are s- expressions, this could get confusing since 
parentheses occur as parts of s -expressions. 

Getting back to cons for the moment. Since every S-expression is 
built from atoms, every s-expression can be put together from atoms using 
cons. Consider the case of (A . (B . C)). We have consfB, CJ = (B . C), and 
cons [A, (B . C)]= (A , (B . C)). Putting these together, we have cons[A, 
consfB, C]] = (A . (B . C». This is an extension of our notation, and is 
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called composition . 

Let us look at some examples of cons: 

1. cons [BILL, JOE] = (BILL . JOE) 

2. cons[A,(B . C)] = (A . (B . C)) 

3. cons [A, cons [B, C]] = (A . (B . C)) 

4. cons [A, NIL] * (A) 

5. cons[A, (B C)] = (A B C) 

6. cons [A, cons[B, (C)]] = (A . (B . (C . NIL))) = (A B C) 

7 . cons [A. cons [B, cons [C, Q ] J] r (A B C) 

8. cons [(A), (A)] = ((A) A) 

Problem Set 3 

1. What is the value of each of the following? 

a. cons[B,B] b. cOrisftA . B). (A . C)] 

c. cons[(A B),(A C)] d. conit^, (R S)] 

e. cons[(A B C), (D E F)] f. cons [cons [cons [A, NIL], 

KILL NIL] 

2. What is a commutative operator? Is addition of numbers commuta- 
tive? Is cons commutative? 

3. Describe a necessary and sufficient condition for the value of cons 
to be expressible without dots. 

Next, we consider the pair of functions Car and cdr which are used to 
take apart s- expressions. Car and cdr are unary functions; unlike cons 
which is a binary function, each takes only a single argument. 

car[(A . B)] = A 
cdr[(A , B)] = B 

Car and cdr are not defined as having values when their arguments are 
atomic. For example, car[A]has no meaning. Any s-expression which is 
not an atom we call a composite s-expresjaion . If a composite s-expression 
is written in dot notation, there is always one main dpt. This is the dot 
which is contained only within the outermost set of parentheses. Then car of 



the s-expression is the expression between this dot and the (leftmost paren- 
thesis of the whole s-expression, and cdr if the expression between this dot 
and the rightmost parenthesis. 



((A . (B . CM. (D. m.) 
car c< 



Examples: 

car[(A B)] = A 

cdr [(A B)] = (B) 

cdr[(B)] = () 

cdr[()} is undefined 

car{(((A)) (B»] = «A» 

car{cdr[<A B)]] = B 

cdr[cdr[(A B)]] = « NIL 

car[«A))] = (A) 

car [car [((A))}} = A 

car[cons{A, B]] = A 

cons{ear[(A)]. cdr[(B C D)JJ = (A C D) 

Many people have objected to the names car and cdr, proposing some 
alternative such as "first" and "rest" which describe the effect of car and cdr 
on lists. Yet these names have remained around because they compose into 
sequences of cars and cdr s and remain at least slightly pronounceable. For 
example, caddr (pronounced CAH-duh-der) means "car of cdr of cdr". So 
caddr[(A B C)] is the same as car[cdr{cdr«A B C)]]} which is C. Notice that 
it is the rightmost a or d in the word which gets performed first, just as it is 
the rightmost function when we write out the longer form. 

Examples: 

car [(A B O] = A cadr[(A B C)} = B 

caddr [(A B C)J = C cdddr[(A B C)] = 

cdar[(A B C)J is undefined cadadr[«A B) (C D) (E F))] = D 



-8- 



' * * - ' - * " * '*#*+!^Bl£8&is$*^ 



Problem Set 4 

What is the value of each of the following? 

1. car[(A . B)] ?. cdr{(A . B)] 

3. carp B)] 4. cdr[(A B)] 

5. carfcdrftA B)]) 6. cadr[(A Bjf 

7. cdar[(AB)J 8. cdar{<(A B>yj 

9. cdar{((A) B)J 10. caaarf<(^A)))H 

11. cons[«ar[((A)*], 

cadrf(A (((B) (C))))]] 

Mixed Expressions 

We have been discussing LISP expressions isueh as "cohsf x, y 1" .■'. 
Arithmetic expressioftH such art "m+y*** ar^^l^iMirt- ^ yd^and need no 
special explanation. Since numbers are considered atoms and can appear 
within s- expressions, it is perfectly meaningful to mix LISP and arithmHic 

Example: 
car[(2 3 4ty» cadr[(5 7 9)J = 2 + 7 ! * « 

Not all such expressions will be meaningful. 3 + car((4 A 10)] = 7. but 
3 + cadr[(4 A 14) Hi* undefined. < H A»* is a name, and addition is not defined on 
names. Certainly we would not want to Say c**egorieally that 3 + A is mean 1 - 
ingl ess. The question of whether A dm lw-*SSft#i«l#ied *© be a VarlsfMe or 
whether it means only itself i» ©ne of interpretation. The question can only 
be considered in context, and we cannot discuss it adequately- here. ) 

Within LISP; the notions of truth and falsity can be represented by the 
atoms T arid F respectively. A funeiioft wlS<Si« vat u* is always T dr Pis 
called a predicate. There is Id basic predicate called atom which tells us 
whether its argument is an atom, 4hatUs, *t tta«lfi^!^li^^if^s argument 1« 
an atom, and F if its argtmirent ii^ r '^ompM>ifte'^e^^s^6h.>~ ; '--'' 
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Examples: 

atom[A} * T atomy 974] ■ T 

atomf()J=T atom[AB€] = T 

atom[(A B O] = F atom[9W|lAB C)J] = T 

atom[cdr[(A B C)|) = F a torn {cons [A, B ]} = F 

Equality itself is considered to be a basic predicate of s -expressions. 
Suppose we give the notion of equality the name equal . Equal Is defined as a 
binary predicate which has the value T if both its arguments are the same, 
but has the value F if its arguments are different s-sxpressions. 

Examples: 

equal[A, A] = T equal[(A B C). (A BC)] = T 

equalfNIL.O] = T equalftA B), (A . (B . NIL))] = T 

equal [A, (A)] = F equal((A . <B . C)). 
equal(car[(2 3 4)]+ 2, 4] = T <(A • B) • C)J = F 

In practice, we shall seldom use the function name equal, but instead 
use the equal sign to mean the same thing. Instead of writing eq««lf A, AU 
we shall write A = A, or when necessary [A = A} # When a faiietiof*, symbol 
(usually a Hpecial Bymbol rather than a name speUed with letters) is used 
between two arguments rather than preceding both of them, mis is called 
infix potation * We use it frequently and in fairly obvioua ways, but since 
problems of syntax are not an important part of this book, there will be no 
formal theory about parsing such grammars. In conclusion, the preceding 
examples will normally appear as [A = A] = T, |A»(A)i s F, : etc. 

Cons, car, cdr, atom and equal are the five basic functions for the 
manipulation of s -expressions. 

Suppose we wish to form a list from three constituents. We can des- 
cribe this construction by writing cons [a, cons 0, consfy, NIL]]] where a, /3, 
an*y are the three s-expressions to be listed. This is too long to write, so 
we introduce the shorter notation using the function list which can have any 
number of arguments including none. The preceding example can be replaced 
bylistfa,/S,y]. 
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Examples: 

list [A, B, C] = (A B C) listf] = nil = () 

list[(A B). (C E|)Jia r{{A B) (C D)) listrifttfAJJ « <(A» 

cons [A, list [Bi C,0t)MABCD) «( i ;rn 

Another convenience is the predicate bu» wHicfr 4ias a Single argument 
and is true only if that argument is NIL. 

Examples: 

null[0] = T null[A] = F 

null[cdr[(A)]] = T nullf(NIL)] = F 

Atoms can be sorted out into two types, names and numbers, and to 
do this we introduce two predicates, name and num . 

Examples: 

namefABC] = T name[(A)J = F 

name[5] = F num[5J = T 

num[cadr[(A 2 (5))] = T num[(3)] = F 

num[A] = F num[3+ car[(5)JJ = T 

There is another function which we shall consider to be basic without 
any justification at present. Consider the set of all names (not numbers). 
There are infinitely many of them, but they can be placed in a definite order 
in an infinite list, that is. they can be enumerated . We list shorter names 
before longer ones, arranging the finitely many names of any particular 
length in alphabetical order, putting thru 9 at the end of the alphabet. 

The function enum is only defined when its argument is a number. 
The value is always a name, and if we form the list enumfO J, enum[l ], 
enum [2]. . . we get exactly the enumeration discussed above. 

Problem Set 5 

1. list[A.2 + carf<3 4)],B] 2. list[2 + 2, 2 + 2 = 4.2 + 2 = 5) 
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3. atom[list[A, A = B]J 4. enum[2 + 2] 

5. name[enum[2 + 2]] 6. enum[A] 

7. cons[name[A],num[A]] 8. (A . B) - (B . A) 

9. list[(A B), list[(C D), (E F)]] 10. cadadr[((A B) ((C D) (E)))] 
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CHAPTER THK* 
RECURSIVE DEFti#riEONS 



Prev iew of Chapter Two 

' v. 1 ,-. ' ■"" '■ ; i : ,-.■ ' ■ ". ' «.;)»• ' ■■ ,'■ ' " ■ "'.j ; ...- ■ ■ 

The chapter begins with some comments on functions, and the termi- 
nology concerning them, from the vf«wpolAf -t# -^h*rve ^sef theory. After this, 
a very simple language is defined wh*e»v &faW&m&j&* basic functions 
discussed in Chapes ©R«,lrtlt«^«wtiff to ife&td every function of s- expres- 
sions that is in any reasonable sense calculable. 

Having now completed Chapter ©s*e/ *&&***& you had learned arith- 
metic but not algebra, i W&vto*ukto&^$*^.lfa%1i& M¥y : ^z. ' What we 
need among other tbJags a*e wtfftfeftMtf; «Bid *%ll^<tci ^# i th^m so that we can 
describe general instead of particular cotttputartforts. 

§2. 1 Functions 

The concept of a "fundtion" in set theory is synonymous with "mapping" 
or "correspondence". Suppose we have two sets, A and B, and for every 
object in A, there is an object (or element) o?B associated with it. Then 
this correspondence is called a function, and A is the domain of the function, 
and B is tterajge of the function. Although every element of A has a 
corresponding element in B, it is not the case that every element in B must 
correspond to an element in A. A given element of B may correspond to 
more than brie element of A, or to none at all. 

From the point of view of set theory, the function itself is viewed as a 
set. If f is a function from A to B (we write mis as fjA^B) then f itself is a 
set of ordered pairs <a. b> such that a € A (a is a member or A) and b € B, and 
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such that for every a tE A there is exactly one such ordered pair which is a 
member of f. 

Some funetians have m©** &fc*i tffte argument, ff f is a function of n 
arguments, then f has n domains, A^ mem A^ >, and one range, B, and we may 
specify this information by writing tf^ * . , . x A ft * B. The function f is then 
a set of n+ 1-tupfcfes Uj, ,,. .a^.%) Ulk*re<e«*iti*. € A , and b t B, and such that 
for every combination of one ■* frt»*n **fch A., there is exactly one such 
n + 1 -tuple in f. For example* cons:S x S * S is the infinite set of triples 
i (A, A, (A . A)> . . . J containing every possible pair of ^expressions together 
with their cons. 

As was mentioned in Chapter One, members of sue domains) of a 
function are oaU*d^rj^m^^ a«d ra**»fe«r* <rf the rang* «!* called values . 
The set { % &} i« calfcea ** A function whfcs* **«#& Is t is called a 

predicate. 

Any safes** *£ * funottoh i% catted a jgttjaTSanctt^ 1d^t is, a partial 
function is a runc**«Mi «M 4h*y not tea ve **mes A**u it. m*gnai«»ts. Some- 
times we are a bit aloppy and u*« *he wM % %mmm , \T&rniW*mm n pam<aL\ 
function", Th*n, when w* warn ta «•*?*«»& e tt* coTtip**t*n*#B «r ft function, 
we are led to «*e tfce term W&Mm&&&* i#* *t*«» **«tttt «t uartfal and 
total »redi<ca*e« t 

Ail «f this may W6«h extremely ©fcvte«% but it is important to stress 
that When we taftt of a fuwctio* we *re sso* f*e*te*r4i^ *© a procedure or a sub- 
routine. The distinction is important, and is ,*<X0Ly analc^ws to the differ- 
ence bet ween a loaf of to-sad and a recipe *»r baking a fo$f of i>reipd. Ilecipes . 
like procedures,, caw %e published in bodies aM |&o*ttaI&> !&> <sne ha* ever 
published a loaf of bread. Similarly, the function cons *san be discussed, and 
subroutines written to compute it, feu* the function itaelf is an infinite set and 
is therefore a ^ciptuai ^»|e«ftis*^ *m**f a printed '<qb**t, ft is also impor- 
tant trot to confuse the name %ft * function ^ith tne taction itself. 

§2.2 Recursive Definition 
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ftecursive Definition: A definition of a function 
permitting values of the function to be computed 
systematically in a iimte namfeer of steps; esp: 
a mathematical definitfbh in Which flie first case 
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is given and the nth case is defined in terms of 
one or more previous cases and esp. the 
immediately preceding one. 

Webster's Third New 
International Dictionary 

It would be hard to improve on this definition. We shall start this 
discussion by illustrating that many ordinary functions of arithmetic may be 
defined recursively starting only with the functions successor and predecessor 
as given. The meaning of the notation being used will be explained in English 
After this, we shall define more formally the language we have been using. 

The successor of a number is one more than that number. For 
example, the successor of 5 is 6. Our notation for the successor of n is n ' 
Xo 5 -■ 6, and 5-7. 

The predecessor of a number is the next smallest number. The pred- 
ecessor of zero is not defined. Our notation for the predecessor of n is n". 
So7 =6 « and 7 -5, and l"" is undefined. 

Starting with only these two functions, and equality, we proceed to 
define addition and multiplication: 

(1) m + n«- [n = -»rr.,T -»m'+n"] 

(2) m x n «- [n = -» 0, T ■♦m + m x n "j 

Translated into English, the first definition reads: "The sum of m and 
n is m if n is 0; otherwise it is the same as the sum of the successor of m 
and the predecessor of n. " This fits the dictionary definition perfectly. We 
say that we are recursing downward on n. When we count n down to 0, then 
the process is over and we have an answer. For example, 5+ 3 = 5'+ 3" - 
6+2 = 6 + 2 =7+l=7'+l- = 8 + = 8. The recursive definition is applied over 
and over again until the second argument (called n in this definition) is As 
long as n is greater than 0, the second part of the definition applies and the 
computation proceeds. When n , 0, then the first part of the definition applies 
and the computation is over. It never becomes necessary to take the pred- 
ecessor of 0, and therefore an undefined condition will never arise. 

We call line (1) a rec ursive definition. It provides an explicit method 
of computing the function »+» given the successor and predecessor functions. 
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This particular recursive definition gives a value which is a number every 
time it is applied to a pair of arguments which are numbers. But not all 
recursive definitions are this way, A recursive definition may not compute 
a value for a. variety of reasons. The fact that (a) this particular recursive 
definition computes a total function, and (b) this total function is the familiar 
function "+'* are particulars which are obvious in this case, but in general 
the correspondence between the function computed by a recursive definition 
and a function understood or specified in some other way must not be 
assumed without good and sufficient reason. 

Line <2) is a recursive definition for multiplication. It can be trans- 
lated into English as "The product of in and n is D if n is 0; pmerwise it is 
the sum of m and the product of tn and tne ar«Niiece$sor of n." This definition 
invokes the previous definition of addition. So the recursive definition of 
multiplication is really both lines. 

It will be our general habit when making recursive definitions to build 
up more complicated functions from simpler ones. Prom the definition of 
multiplication we see that § x3*5+S SS2*141*S * 1 * l Sf+i$ + 5 + 5 xO = 5+5 + 
5 + = 15. 

Recursive definition is ,al*jO ( ; u*est ,to specify tfre coarctation of predi- 
cates. The numerical relatioti "if .^^MsjgpiK|r f /fiMHKftTs -Mte#»»-«*«»«ai*» <** *ttChv I* 
can be defined by: 

which expresses the English definition: '"if m is Jtero, then m is not greater 
than n; if m is ntit sift& and n is zero then m is gy«*t«r .ffyfg ft; and if neither 
is zero then m being greater man n depends on m* being greater than n". " 
When m and n are numbers, the value of H> " will always be either T or F. 
The predicate ">** can now be used to define the function maxfm, n] , whose 
value is the larger of its two arguments. 

maxfm, n) «- |m > n * m, T •♦ n] 

Recursive definition is used to define functions of S- expressions other 
than numbers in a similar way. An important LISP function is substfx, y, z], 
whose value is the s -expression resulting from substituting the s-expression 
x for all occurrences of the atom y in the s-expression z. For example, the 
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result of substituting <R S) for all occurrences of B in (A B (C B)) is 

(A (R S) (C (R S»), i.e.. subst[(R S). B, (A B (C B))] = (A (R S) (C (R S»). 

Subst is defined recursively by: 

subst[x.y, z}*- {atafefz] * (jE*i "•^T.'^T *• ,c*m[m*>Bt[x, y, 
carl2]],sub8ttx.y f cdr[zJJ]) 

which translates: "If z is an atom, then if 31 U the same as at the value is x, 
otherwise the value is z, but if z is not an atom then the value is obtained by 
first computing subst of x and y and car of z, and subst of x and y and cdr of 
z, and then taking the cons of these two 8*«npressions. " 

This example is more complex than the preceding ones in two ways. 
It contains a choice nested within a choice in tnat if z is an atom, then there 
is still another decision to be made. Alrb,* the recursion generates a tree- 
structure of subproblems rather than a linear sequence as in the preceding 
numerical examples. The recursion on the argument z may require com- 
puting subst of carfzj and &tr[z), which may in turn require computing subst 
with the third argument being car[carfz]]. cdrfcar{z]J. earfcdrtzj], and 
cdr[cdr[z]]. The larger the s-expressioh zi f l8e larger S&'&ee of sub- 
problems will grow. ". y ■- 



subst [(R S),B,AJ«A 



subst[ 



•ubst[(R S)/B,(A B (C B))]-(A (R 8>. ()C,(R 3))) 



*ttbst(OkS0|B*<B (C B))] 






•olwtffR 8>,B,((C B))] 



*ub*£ y§ $) r * t yiL] -NIL 



subst[(R S)>B,C}-C 




subst[(R S),B»B1-(R S) 



•j*eef<ft-£teB«1toJ- 



flub.t [ <R S) ,B, NIL] -NIL 



cons [A, cons [ (R S),eon»[con»[q,cons{ (R S)^»ILJ^||IL] U«^ (K S\ (C <R S))) 
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We have been making use of the language of recursive definitions in an 
informal way* w# m&vr proceed to define th* language more formally. First 
we give a Concise grammar, and then define me semantics of the language as 
a set of instructions for computing complex functions from given basic 
functions. 

Grammar: 

1. An identifier is a sequence of one or more lower case letters 
and digits. It must begin with a letter, {This Is the same 
as the definition of a name except th$t n^mes have upper 
case letters. Ideiottfiers and aaines are in oner to-one 
correspondence by merely changing the case of the letters. ) 

2. A variable is an Identifier. 

3. An object is an s^expression. . ,. .„,•■ 

4. A function name is an identifier. (See exception below. ) 

5. A form can be any of the following: 

a. a variable 

b. an object 

c. p[€y . . . , c n J whereat is a fuaction name, and each 

c. is a form. (See exception below. ) 

d. a conditional form (b&PIJ'- ~»~ . ... . ^ 

6 « A. proppsltionat form is a form. (The distinction is semantic 

and will be made in the following discussion. ) 
? . A conditional form is ^ * fj, . ..,*_ "^rfmihsre n * 1, and 

each of the ff. is a propositional form, anil eli|(| Jdl^tk« c is 

a form. 
8 - A recursive definition is «Jil^ . ..,{!♦• c. where**) is a 

function name, each of the f . is'I'' , viw4ab|e, and c is a form 

containing no variables ,dfher than the £,. 

Exception: Rules 4 and 5 above permit forms such as cons [car [x], 
cdrfy]} but not forms audi as 3 rtm + n. It Is Convenient to have 
functions specified by conventional symbols such as "+", "x" and M +" 
as well as by identifiers, and it is also convenient and conventional 
to use certain of these symbols as infixes (m+n), prefixes (-m) 
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and suffixes (m ). Because we are not concerned with writing 
compilers we shall gloss over the syntactic problems of such 
notation in the following way: every function a^d predicate 
which is specified by a conventional syjnbolhas an identifier 
type name also. As long as the parsing, of any Jovx®, that we 
write is clear to the reader, we can pfetend;*^ certain theoret- 
ical situations that the only official notation is that of identifier 
names followed by arguments in brackets, i. e, # v?tf • » ]• For 
example, "3 xx-y> z" is simply a convenient, notation so that 
we do not have to write out "greater f difference [times [3,, x ]. y], z]'\ 

Semantics: 

1 . A recursive definition has meaning because it is an explicit 
algorithm for computing a partial recursive; ftthctidn. To 
the left of the left arrow in the recursive definition is the 
name given to the partial function being defined, and a list 
of variables. The list of variables specifies the number 
of arguments the function has, and assigns these variables 
as the temporary names cf the arguments while 1%e compu- 
tation is in progress. This temporary identification of 
arguments with variables is called a binding of the vari - 
ables. The value of the function is obtained by evaluating 
the form to the right of the left arrow, using the rules 
given below, with this binding of the variables in effect. 

2. The value of an object is itself. 

3 . The value of a variable is obtained from the binding as 
specified in nil© 1. 

4. The value of a form of the type p[e, . . . , ,^| is computed by 
first evaluating each of the forms € using these rules, and 
using the resulting sequence of values as arguments for the 
function (p. If <p is one of the basic functions Or predicates, 
its value is obtained immediately. However, if ^ is itself 
specified by a recursive definition, then the current com- 
putation must be set aside, and the computation to obtain 
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the value of for these arguments must be performed. 
When this is completed, die current computation is then 
resumed; and neither die bindings or the variables, nor 
any other partial results in process will have been changed 
from what they were before invoking the definition of 0. 
This process can oeetir nested to a considerable depth, 
with many levels of computation interrupted and incom- 
plete. 'When 'the definition of <p is invoked from within the 
definition of tp, this process is called recursion . The 
example of subst is a good case to study. 

5. A prepositional form is a form whose expected value is T 
or F. Typically, it is either oneof 4h« objects T or F, or 
it is a form qd^, . . . , ^] where -s> is a predicate, it may 
also be a conditional form. 

8. The value of a conchtional form fo * c, ...,*■* e] is 
obtained by evaluating the propositioftal form* f. from left 
to right until one is found whose value is T. Then, no 
more t. are- evaluated, but the corresponding e. is evalu- 
ated, and it# vaJwe is the value of the conditional form. 
An important property of a conditional form is that nothing 
gets evaluated beyond what is necessary to select and eval- 
uate the proper f { . For example, if », evaluates to F. then 
Cj is not evaluated but passed over, and » 2 gets evaluated. 
If the value of 9^ is T, then ^ is evaluated to provide the 
value of the conditional form, and everything <o the right 
of c, is ignored. 

There are a variety of reasons why the process of evaluating a recur- 
sive function may not produce a value: 

1. A variable on the right side of a definition does not occur on the left 



side. 



2. A function referred to in the definition has not been defined. 

3. A function is given an incorrect number of arguments. 

4. In the process of evaluating a conditional form, one of the ff. 
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evaluates to something that is neither T nor F. 

5. In the process of evaluating a conditional form, all the it. evaluate 
to F and the end of the form is reached. * 

6. A function called in the computation is given an argument for 
which no value is defined, such as car applied to an atom, or addition applied 
to non-numbers. 

7. The computation continues forever without encountering any of the 
errors mentioned above, but without ever terminating. 

Reasons 1 thru 6 above are simply programming errors that can be 
avoided by correct procedure. Reason 7 is a fundamental property of com- 
putation having important logical consequences. There is no possibility of 
eliminating it from any programming language powerful enough to do general 
purpose computation. 

Problem Set 6 

In each of these problems you may assume any of the definitions made 
thus far. including all the problems preceding, the one you are working on. 
Sometimes it is necessary to define a helping function first before defining 
the function you want. 

1. Are the functions ".-»■ and »*» defined here total or partial? 

m - n «- [n = «♦ m, T -♦ m" - n" J 

m fn «- [n > m -» 0. T -» 1 + [m - n] -5-nJ 

2. Define exptfm. n] or m n . (Let exptfO, <*] = l, ) 

3. Define remainder [m, n]. 

4. Define m |n. which means m goes into n an integer number of times. 
(It is a predicate. ) 

5. Define prime[n]. a predicate which is true if n is a prime number. 
(The first prime number is 2. ) 

6. Define gcdfm. n] (greatest common divisor), and lcmfm. n] (least 
common multiple). 

7. Define nthprime[m], which gives the nth prime. Use the convene 
tion that nthprimefO] = 1 and nthprime(l] = 2. 

8. Define the predecessor function using only successor and equality. 
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thereby demonstrating that all the functions in this problem set require only 
successor and equality as their basis. 

Let us adopt the Coding convention that a finite set of s -expressions 
will be represented itt LISP by a Mst "of f&ese* s- expressions. For instance, 
the set {A B C] can be represented by the list (A B O <M* by the list (B C A} 
or by any other permutation of the mtMtmhBit Tfee list must have no repeti- 
tions. We can then define LISP functions that perform basic set-theoretic 
operations. For example, the r^atte** of ' membership is represented by the 
LISP predicate member, defined by 

member |x, yj ♦* (#ull[y) •* F,.x * c*r|yj -* T, . T -• member [x, cdrfy ]]] 

The operation of taking Hie union of two sets is represented by Hie 

function union; 

union[x # yJ*- Inuilfx] * y, member {ear £x],y} + unie*{cdr1x),y]. 

Problem Set 7 

1. Define the function inter sectiortfx, yl. 

2. Define Hie predicate se q a i vf*, y} which means "equivalent" in the 
sense of representing Hie same set. Two lis** representing sets are sequiv 
if they differ only to ttw or^er of their elements, #. gf. , sequivf<A B C), 

(A C B» = T. 

3. Define Hi# function reverse* whose value is the same list as its 
argument, but in reverse order, e,g., reversef((A M) (C D»J*{(C D) (A B)h 

4. Define the function length, which computes the length of the list x. 
lengthfNlL] = 0. 

5. Define the function site, where sisefxj is the number of atoms 
occurring in x, counting each atom as many times as it occurs, e. g. , 
size[<A (A))] * 4, 

6. Define the function vocab, where vocab [x] is the set of atoms 
occurring in the s-expres3ion x. VocabftA # C> '<J)j = (A S C NIL), or any 
list which is sequiv to this. 
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§2.3 Partial Recursive Functions 

The basic functions for computing with s- expressions (including num- 
bers) are: car, cdr, cons, equal, atom, num, name, enum and successor. 

We have seen that predecessor can be defined from successor. Name 
can also be defined from atom and num if we are sure that there will never be 
any other type of atom. We prefer to leave this unspecified. 

The function enum is peculiar. Without enum, we would not be able 
to define those functions which depend on the spelling of names, but would be 
limited to functions that only take note of two names as being the same or 
different. But using enum, we can define concat, which concatenates two 
atoms (e.g., concat[A, X3] = AX3), and explode, which lists the letters and 
digits in a name, e.g., explode[AX3] = (A X 3). These two functions, in 
turn, form the basis for any other manipulation of the characters that make 
up names. 

The basic functions of s- expressions together with the language of 
recursive definition lead to the concept of a partial recursive function . 

Lemma 2. 1 

Consider a finite sequence of recursive definitions: 

*1 [? 1 ^l-'l 

<°n [§ l 5 ml" f n 

n 

where each <p. is a distinct function name, and each €. contains only the 

names of basic functions and names from the sequence <p.,.,.,<p ; then 

associated with each^ there is a procedure for computing a function of m. 

arguments. This procedure, when performed with any given sequence of 

m i s- expressions as arguments, either produces a value, encounters an 

undefined situation, or fails to terminate. Thus, each function-name <p is 

l 
associated with an m.-ary (partial) function, namely that function defined for 

exactly those arguments for which the computation terminates with a value 

(the value of the function). 

The entire preceding section is sufficient proof that such a well-defined 
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computational procedure exists. 

Definition 2.2 

A partial recursive function {of s -expressions) is any function for 
which at least one computational procedure as defined above exists. 

It is well to keep in mind the distinction between a function, a 
function-name, and a procedure, ft is the process of writing down recursive 
definitions that associates names and procedures with functions. A function 
is independent of any procedure used to eipeclfy it. However, the concept of 
recursiveness is absolutes a function Is either recursive or it is not recur- 
sive. It is recursive if mere is at leest one way to compute it (and it is 
easy to see that there are then many ways to compute it), and it is not 
recursive if mere is no way to compute it. When * function is specified in 
some way that does not imply a computational procedure, this does not tell 
us whether or not it is recursive. 

§2.4 A Universal LISP Funct ion 

■ ■■ moil ■■■ .i ii *■ 1 1 ■ m n «■ mmmm*t+**mm*m*ii*m0m****m-mi*mmmmmmmmimm~ 

It is natural to want a theory of iNtcujnsive functions. We may ask 
questions such as; Mow large Is me class of recursive functions? Are 
there functions mat are well defined but not reeurMeet If we add new com'* 
putational techniques or more basic functions, are we able to compute more 
functions? The idea of an interpreter or universal function is central to 
such a theory. 

The importance of lemma 2. i is that the procedure for computing 
partial functions is effective. This means met we can program a general 
purpose computer so that when we give it a sequence of recursive definitions, 
and a set of arguments for one of the functions, me computer men computes 
the jralue of the function applied to these arguments if the value exists, and if 
the computer has enough storage and time. Such a program is called a 
LISP interpreter , and has been written for many computers. What is of 
great significance for the theory of recursive functions, is that such an 
interpreter can be written in LISP itself. 

We define a universal LISP function called apply. Applyffa, args ] has 
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two arguments. The first argument is a sequence of recursive definitions 
as in the statement of lemma 2.1. Since an argument for apply must be an 
s -expression, we must code such a sequence of recursiyse definitions into a 
single s-expression. The first function defined in the sequence will bethe 
one we wish to compute, and the other definitions necessary to it may follow 
in any order. The second argument for apply is a list of the arguments for 
this function. 

We first define a translation whereby a sequence of recursive 
definitions, as in the schema of Lemma 2. l t becomes a single s-expression, 
the argument fa of apply. We shall call this translation process '»*", so 
that, for example, if c is a form in the language of recursive functions, then 
€ * is its translation into an s-expression. 

Rules for translating recursive definitions into s -expressions: 

1 . If c is a variable, then c* is the atom obtained by making all 
of its letters upper case. 

2. If cis a number, then €* is just c. 

3. If €is T, F, or NIL, then 'c* is just c. 

4. If cis any other object (s-expression), then c* is (QUOTE O. 

5. If <p is a function-name, then 0* is the atom obtained by 
making all its letters upper case. 

6. If « is a form of the type (p[€y ...,«_], then €* is dp* c* . . . * n * ). 
(Forms using infix, prefix, or suffix ^er^03 are translated 
as if they were in standard form. There are names for each 
such operator. Also, some functions have* an indefinite 
number of argumentsy They are LIST, PLUS, and TIMES. ) 

7. If c is a conditional form [if ■* ty . . . ,* n -» < n J, then €* is 

(COND(ff *€*)... (tr *c *)). 
11 n n 

8. A recursive definition (p[ty . . . , 5 R } *■ cis translated as 

(<p* <§.* ...5 *)€*). 
i n 

9. The argument "fa" of apply is a H^ of translated recursive 
definitions as described in step 8, with the function to be 
applied coming first on the list, and all functions that it 
uses, except for basic functions, appearing in any order 

on the list. 
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The translation process "*" t« "the UtSf* equivalent of a technique 
known to logicians as "CMMM humb«rijig" which we shall discuss later. 
However, Q&del numbering ts m 1 fa»B re Mc al concept which is impossible to 
use in any practical sense, whwsresas *he use -of s-expressions to define 
recursive functions is standard practice tor LISP programmers. 



Rule 

1. 

2» 

3. 
4. 



5, 
6. 

6a 
7* 

8. 

9. 
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(IPO© *X IT) *UST X IGttXW V*&#3UTGIt *X) 

The partial wanir**** ftmctton «f>ply is *etln«l via a number of 
auxiliary functions. 
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Definition of apply: 

a PPly[fa, args] «- app[caar[fa], args, fa] 

app[fn, args, fa]«- [ 

fn = CAR ■♦ caar[args], 

fn = CDR -> cdar[args], 

fn = CONS -» cons [car [args], cadr[args]k 

fn = LIST -» args, 

fn - ATOM -♦ atom[car[args]], 

fn = NUM ■* num [car [args]], 

fn = NAME -♦ name [car [args]], 

fn = NULL •♦ null[car[args ]], 

fn = ENUM -» enum[car[args]], 

fn = SUCCESSOR -♦ car [args]', 

fn = PLUS -* applus[args], 

fn = TIMES -♦ aptimesfargs], 

fn = NOT -» [carfargs] = T ■» F, car[args] = F -»T], 

T -• apd[assoc[fn, fa], args, fa] ] 

eval[e, a, fa] «- [ 

num[e] -♦ e, 

e = T •♦ e, 

e = F -» e, 

e = NIL-*e, 

namefe] -♦ cadr[assoc[e, a]], 

car[e] = QUOTE -» cadrfe], 

carfe] = COND -♦ evcon[cdr[e], a, fa], 

car[e] = AND -» evand[cdr[e], a, fa], 

carfe] = OR -» evor[cdr[c ], a, fa], 

T -» app[car[e], evlis[cdr[e], a, fa], fa] ] 

apd[fd, args, fa] ♦- eval[caddr[fd], pair[cadr[fd], args], fa] 

applus[a] *- [null[a] -♦ 0, T -» car[a]+ applus[cdr[a]]] 

aptimes[a] *- [null[a] -» 1, T •♦ car[a] x aptimes[cdr[a]]] 

assocfe, a] *- [e = caar[a] -» car[a], T -♦ assocfe, cdr[a]]] 

pair[x, y] «- [null[x] •♦ [null[y] -» NIL], T -» cons[list[car[x], car[y]], 
pair[cdr[x], cdr[y]]]] 

evlis[e, a, fa] «- [null[e] -♦ NIL, T -♦ cons [eval [car [e], a, fa], 
evlis[cdr[e], a, fa]]] 

evconfe, a, fa] *- [eval[caar[e], a, fa] -• eval[cadar[e], a, fa], 
T -♦ evcon[cdr[e], a, fa]] 

evandfe, a, fa] *- [nullfe] -» T, eval[car[e], a. fa] -• 
evand[cdr[e], a, fa], T -» F] 

evor[e, a, fa] «- [null[e] -» F, eval[car[e], a. fa] ■• T, T -• evor[cdr[e], a, fa]] 
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The reader who finds this piece of coding dense may either puzzle 
through it himself, study one of the texts on LISF* programming, or simply 
take it on faith that it does whfti w# claim it does. The reader familiar with 
one or more LISP dialects should note that 1^» Interpreter differs consider- 
ably from the apply operator of any computer implementation. Its arguments 
are different, it does not handle LAMBDA or functional arguments, it does not 
evaluate free variables, it treats T m W, NIL and conditionals in a non-standard 
fashion and it has no PROG feature. 

Although we must normally define any function with a fixed number of 
arguments, this interpreter provides three #j*e«ific' exceptions: PLUS, 
TIMES and LIST. 

It also provides for three logical operators: OR, ANI> and NOT. 
NOT is a function defined only on the domain % Its behavior is completely 
explained by noting mat not{TJ= F and notfFJ- T. The prefix symbol for "not" 
is "-i". AND and OR are slightly more complex, fhaj 1 ar* variants of the 
conditional form. Mathematically, "A** ajtf' n yP {widen stand for "and" and 
"or", respectively) are functions on the domain # having jtwfc arguments. 
They are completely specified by the Irttowing iantne 



X 


Z 


»Ay 


*Vy 


T 


T 
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T 


F 


F 


T 


F 


T 


F 


T 


F 


F 


F 


F 



If these were evaluated in USP in the same manner as other functions, then 
a form such aa H Cj v ^ rt would require first evaluating «_ and <u with the 
expectation of getting T or F in each can* and tMar using Hie above table to 
get the value of the form. What we actually do ~& quite different: First €. 
is evaluated. If this is T, then we conclude that tj v t is T and do not 
evaluate ^ a t all. But if Cj is F, men we have to evaluate t* w « treat 
"A" similarly; if ^ is F» we conclude that Cj A ^ is F and do not evaluate ^ . 

The form "e^ v e^' is completely equivalent to the conditional form 
[€ x -» T, T -♦ <^], and the form "Cj A Cj" is completely equivalent to the 
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conditional form fo "♦ C 2 , T -♦ F]. 

This makes possible such definitions as the following alternative 
definition of member, which would not worft if these functions were evaluated 
in the standard way. (Why?) 

member^ y] «- -*mull[y] a [ x = car(y] V member [x, edr[y}]J 

The interpreter we have defined conveniently provides for AND and . 
OR to have an indefinite number of arguments. The form "c A . . . A c " is 
translated into (AND 4f ... ^*), and similarly for ,( v'< with OR. AND 
evaluates its arguments from the left to right until it either finds a false one. 
whereupon it concludes F without further evaluation, or else if they are all 
true, then the value is T. (AND), that is. AND of no arguments, will be T 
because none of its arguments are false. OR evaluates its arguments from 
left to right until one of them is true, whereupon it concludes T without 
further evaluation, or else if they all evaluate false, then the value is F. 
The value of (OR) is F because it does not have at least one true argument. 

Theorem 2. 3 (Interpreter Theorem) 

Let 6 1# . . . , 6 n be a self-contained sequence of recursive definitions 
(in the sense of Lemma 2.1), let ^ be the name of the function defined by 6 , 
and let « 1# .... a m be any sequence of s-expressions where m is the number 
of arguments for yjj. Then either 

^1 f*i fl m l e apply[list[6 1 *. . . . 6 n * J, Hstfa, .....<* ]] 

or else both sides of this equation are undefined 1,'ji. e^ .both commutations 
produce the same value, or both fail to produce values). 

The starting point for all theoretical study of computation is the fact 
that any one formulation of a sufficiently general class of effectively comput- 
able functions always turns out to be equivalent to all other su§h formulations. 
Historically, A. M. Turing defined a class of conceptualized machines of 
very simple design having an infinitely long tapeWn wfiich to read and write. 
Any function that can be computed on such a Turing machine is called com- 
putable. Turing then gave very convincing arguments to show that the most 
elaborate computers that he could think of coifd ibbt' compute anything that 
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these very simple machines could not compute, given enough time. Turing 
also showed that there is a universal Turing machine that could interpret any 
other Turing machine, given a description of tit* other machine. 

It is possible to write a recursive function that simulates a universal 
Turing machine. It is also possible to design a Turing machine that simu- 
lates the interpreter "apply". This not very surprising fact is the basis for 
a proof that the partial recursive fttBC^oas are the same as the partial com- 
putable functions on a Turing machine. 

Turing's Thesis 

Any function which can be effectively computed can be computed by a 
Turing machine. 

From this we may conclude that any function of s- expressions that is 
effectively computable is recursive. This i* Wm converse of lemma 2.1, 

and is known as "Church's thesis". 

Problem 8 

Write an interpreter that evaluates arithmetic form* ditty, K will be 
called areval, and has two arguments. 5fce ; Qrift£*f gewuntt is a form to be 
evaluated, for example, (PLUS 3 (TUHES X Yth The second argument is an 
"a-list" which defines the value* of the variable* occurring within tfte first 
argument, for example, ((X 2 > (TtB. So areval{(Jf>LtJS 3 (TtMlSS X Y)), 
((X 2) (Y 7»J * 34- 2 x 7 . 17. It does not handle conditional forms or function 
definitions. 

Further Reading 

For the reader wishing to learn LISJ» a* a programming language, 
there are two books: [McCarthy et «L } and pITefSsm^J, Additional informa- 
tion on particular LrSP implementations is, usually available at each installa- 
tion. There is also a set of graded LIS£> problems .wife answers [Hart and 
Levin], which is useful as a teach-yourseif aid. 
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There is an excellent discussion of the validity of Turing's Thesis in 
[Kleene, §70], In [Davis], Turing machines are used as the starting point 
for the development of recursive function theory. 
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CHAPTER THREE 
PROPOSITIONAL LOGIC I 



Preview of Chapters Three and Four 

This chapter begins our study of logic as a tool for making formal 
deductions. Propositional logic is the logic dealing with the compounding of 
sentences or propositions using connectives such as "and", "or 11 , "not", and 
"implies". It is not an adequate logical language for making inferences 
because it deals witii entire clauses and does not consider their internal 
structure. We study propositional logic because it is the ground floor of the 
two-story edifice of first order logic, which is our main subject. The ter- 
minology and organization of our study of propositional logic wiU carry over 
directly to first order logic. 

Chapter Three introduces the language of propositional logic, the 
technique of making logical propositions, and the feasibility of mechanically 
checking deductions to determine if they are correct. Chapter Four presents 
the mathematical theory of propositional logic. 

§3. 1 Propositional Formulas 

Making use of a fairly loose analogy, we can say that propositional 
variables correspond to simple declarative English sentences, and that 
propositional formulas correspond to compound sentences. 

A It will not rain tomorrow. 

B We shall go to the beach. 

A ^ B If it does not rain tomorrow, we shall go to the beach. 

A and B are propositional variables, "3" means "implies", and A 3 B 

-32- 



^*-r?#»C^* ' i *tv**mer w^-*.«j»— ■ . 



is a propositional formula. 

We shall make the assumption that unlike English sentences, proposi- 
tional variables can always be* interpreted as being either true or false 
assertions. There is no middle ground such as ." too ambiguous" or "doesn't 
make sense". Propositional logic is also cruder th§n English, in that the 
truth of a compound proposition depends only on the truth of its components, 
and the way they are connected by logical operators, and not on the way that 
they might meaningfully be related. For example, the English sentence 
"If two plus two is five then the world will end next Monday, " can be con- 
sidered as nonsense. Suppose we let A mean "Two plus "(Mo is five, " and B 
mean "The world will end next Monday. " If A ahd flfkrelbothfalse, then 
A^B is considered true. This is part of the definition of ,l3M , which simply 
requires that if A is true then B must be true. Since A iMSJo* true, B 
doesn't have to be true for A>P B fo be true. The saatfjig "If wishes were 
deeds, then beggars would be kings, " captures the essence qf this type of 
thinking. . ;,•:;.- v.-- - ^ 

Definition 3. 1 

A propositional variable is a name.* (It begins with a capital letter, ) 

A propositional formula is : 

(i) a propositional variable 
or (ii)-i(a) ~ 

or (iii) (a) v (0) 
or (iv) (a) a (0) 
or (v)(a)=>(fi) 
or (vi) (a) M0) 

where a and /3 are themselves propositioaal formulas. 
The names of the propositional connectives are: 

^» : . 'not . 

v or 

a and 

^ implies 

s equivalent 
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It follows from this definition that propositional formulas can be con- 
structed of arbitrary size and depth of parenthesization. Sometimes we do 
not write all of the parentheses because they are not needed. 

Examples: 

A A => B 

AV(bac> -HA 3 0=>C» 

(A A B) = (B A A) (Al A <A2 A A3)) 

§3.2 Interpretation 

The following truth table is designed to interpret propositional formulas 
for truth or falsity. To interpret a formula we must first decide on a truth 
value (T or F) for each propositional variable. This cannot be inferred from 
the truth tables and for the moment at least must be considered as given. 
Having done this, we can then assign a truth value to each sub-formula 
starting with the innermost ones and ending with the entire given formula. 
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Example: 

Evaluate (A a B) * (B v c) when A is T and B and C are F. 
From the table, we see that if A is T and B is F, then 
A a B is F. If B is F and C is F. then B V C is F. So the 
formula becomes F s F, which according to the table is T. 



Problem Set 9 



Evaluate each formula, using the following table of values for variables. 
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Al: T 




A2: T 
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= A2 
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->B3 


8. 


-i(Bl =>B1) 



To process propositlonal formulas in LIS* we shall have to translate 
them into s- expressions. The s-expression form should come as no surprise- 
propositions variables undergo no change, and the other forms translate into 
(NOT a). (ORajJ), (AND**). (IMPLIES a 0), and (EQUIV a #. Thus 
(A a B) = (B V C) translate into 4EQUIV <AN© A B) (OR B €)) = 
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1. Write a LISP predicate wff[x] which is T if x fs a well-formed 
formula of the propositional logic and F otherwise; wff itself should never be 
undefined. 

2. An interpretation for the prepositional variable* of a formula is a 
list (in any order) pairing each name with T W; F,, Fo* e*aj«ple, ((AT) (B F) 
(C F)) 1S the interpretation used in the example preceding problem set 9. 
Write a LISP predicate propevalfe, a], where e i % a.prppo^tttonal formula and 

a is an interpretation for it. Propeval should interpret *• formula as T or F. 

If a propositional formula has exactly n dtffei** variables in it, then 
there are 2 different interpretations for the f^mula. This is the number of 
different ways to assign T or F to n things. 

Definition 3. 2 

If every interpretation of a formula is T, then the formula is called a 
tautology. 

If at least one interpretation of a formula is T. then the formula is 
called satisfiable. 
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If no interpretation of a formula is T, then the formula is called 
inconsistent . 

Corollary 3. 3 

Every tautology is satisfiable, but not vice versa.. If Of is a tautology, 
then -voi is inconsistent. If a is inconsistent, then -i« is a tautology. If Or 
is satisfiable and is not a tautology, thesa -i# r i*f ^a^^^a^aj^bks and is not a 
tautology. 

Problem Set 11 



1. Which of the folio wtng are tautologies 9 Which of the rest are 
satisfiable or inconsistent? 

a. A v -,A b. A A -ifi 

c« APB A. A=MA v BV 

e. A3iA J, hAV-iB>3i(AAB) 

g. (A A B) « (A V B) h. -i(A 3 B) A B 

2. Write a IA&& function * vlfciifxf such ~<&*t if x is a formula of the 
prepositional calculus, then varsfx] is &e set of all the propositional variables, 
that occur in x. 

3. Write a LISF function tabs|x] such that if x is a set of propositional 
variables art it* gen<*ra%ed above, l^lindvaiue^ tabsfxj is a list of all 2** 
interpretations for these variables. For example, consider the formula 
(IMPLIES <AND A<2) fOU'Bd^ " Tfc*« var¥of%$i &ra^aW(A~B:.C) or 
some permutation thereof, and tabs of (A B C) is some permutation of 

(({A T) (B T) (C T» «A T) (BT) (C F»f{A%$ f ) TC ^ft ((A T) (B ^) (C F)) 
((A F) (B T) (C T» «A F) (B T) (C F» <(A F) (1 F) (C T» «A F> <B F) (C F))). 

4. Write a LISP predicate taut [x] that is T if x is a tautology, and F 
otherwise. -;.■' ,'V --.^.r:-:'.,< L . ■■■•■■ ; ^>' : '<■;'* ;;; "** '-:"■■■'' 

5. Write a LISP predicate sat[x] which is T if x is satisfiable, and F 
otherwise., - - -5-t,;"-- -->< ' 

Two propositional formulas o and are said to be equivalent formulas 
if a - j8 is a tautology. The following table of equivalences contains many 
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well-known properties of propositional formulas. They are given in the form 
of schemas where the Greek letters are used to represent any formulas. So 
a a being equivalent to a o means^ moreen A A 9 being cflujva^ent to 
baa. it means, for example, that (A p^.A £ is eq^v^fint to C.a (A,p B). 

Equivalences of Propositional Formulas: 

1. ■ * v ;0 V o commutativity of "or" 

2. a v (0 v y) (a V 0) v y associativity of "or" 

3 - a A0 $Aot commutativity of "and" 

4. aA(0Ay) : (a A ^ y associativity of "and" 

5 • -»-•<* a elimffitibn \ot double negation 

6. -iietvfi) ■ _,* A _,0 : ' -- : '- A! - ' De&8rga^^aws' : 

7. -t(ttA-0y ■■ _, A v .-.^ ; , ■'■ : - M, ' : ^itfo1%an*i'i3iis 

8. av^Ay> (ttv/9)A(avy) di^ri^iveltw 

9. «A^vy) (aA^V(iKy) dl^iutkveikw 

10. av* a 'faimPolelcy 

11. a a a a la^pWiert^y; 

12. a =>■£ -tdVji efliiiiittoli e*»tmplies" 
13 « aE (a 3 <J)A(j!3a) elimination of "equiv* 
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From equivalences 1, 2, and Id. 'we see me^Susttficatibh Tor regarding 
"or«ashavinga# indefinite numbed '^k^j^M^^^'^^^itimvLi' ; " n * 
repetitions* 5¥fcm eiiftvMeifoes«3F i! 4. mn^f l|%e AiPIHai'^p-^, 
So we«ari wHte A v B -■* e without showmf ^hte*%^is¥octa«ei. arid in 
s-expre*Blbh language we eari write <0R ft^l^f)/ py^mftfcrag ^b and OR to 
have an indefinite number of arguments. It is consistent with this' practice to 
■assume that- (G&$ - p arid mat tANDJ = Tr -"' <■■■'■'*■■»*> B'*'' ™- 

Problem 12 

Rewrite wff, propevalg taut and sat to handle AND and OR with an 
indefinite number of arguments. ! 

§3.3 Deduction 

If we are given "It will not rain tomorrow, " and "If it does not rain 
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tomorrow we shall go to the beach, "then We may draw the conclusion 
"Tomorrow we shall go to the beach. " litis is < called a deduction. 

A 

A3fi 

B 

■ • ■ ■■ -.) ■ '' 

.Ultimately, we want .-to be able to make use of deductions of consider- 
able length, and to arrive at concluaions that are not immediately obvious 
from the given statements, ., The rules for making deductions in prqpositional 
logic are extremely simple, i A deduction consists of a sequence of numbered 
lines. Each line is a prqpositional formula,, and the last one is the desired 
conclusion. There must be m reason -$r ^usttffieation vfof writing, each line. 



and there are only three kinds -of justification. . A Ime is jusetified |a) because 
it is given, (b) because it is an axiom, or (c) because it follows from previous 
lines by using a rule of inference. 

As axioms for proportional logic, w* shall allow any formula that is 
a tautology. , , 

The only rule <©£ infer««ee Jor projKW&tion&l logic is modus -ponens . 
This rule states. that M, 'iier*- 4m * 3£n* In %m'Mm$lBmi^9fc^M0m^tRvtlSi a, 
and if mere is anaS%er Ime m&e deduction whi^h is t]» fornaalao ^A then we 
may deduce the formula &. We <jall « and tt :?# the - a^ cedents of Hie 
inference, and $ the caB&ef&ki&t of the inference, . J&Sbqf antecedent may 
appear .before, the other jn;JgMe deduction, ,1*i.jtjty&Map^ 
antecedents.. . ^ 

The following deduction shews that if mm a&suxne 'fee %neau|as wuaabered 
1 thru 6 below, me formula numbered 21 can be deduced. 

.given 

;•,■■■ ■g^SjBr^..... 
,^¥3ftn;;. 

0ven 
$iven 
given 
tautology 
Mp 1.7 
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1. 


A3B 


£. 


B3C 


3. 


C3D 


4. 


AVE 


5. 


D^G 


6. 


E=>G 


7. 


(A => B) => «B 3 C) a(A3CH 


8. 


(B3'C)3tA3C) 



9. 


A =3 C 


Mp 2,8 


10. 


(A 3 C) ■=> ((C 3 D) ^ (A z> D)) 


tautology 


11. 


(C => D) 3 (A => D) 


Mp 9, 10 


12. 


A^D 


Mp 3,11 


13. 


(AV E) o <(A 3 D) = <D V E)) 


tautology 


14. 


(A3D)3(D V E) 


Mp 4,13 


15. 


D V E 


Mp 12, 14 


16. 


(DVE)3((D3G)3(GV E)) 


tautology 


17. 


(D3G)3(GV E) 


Mp 15, 16 


18. 


G V E 


Mp 5, 17 


19. 


(GVE)3((E3G)3.G) 


tautology 


20. 


(E^G)=>G 


Mp 18,19 


21. 


G 


Mp 6.20 


§3.4 Proof- Checking 





We are now in a position to attempt a miniature proof-checker for 
propositional logic. It is a predicate of three arguments* proofchkfg, c, d], 
where g is a list of given formulas, c is a capciu®i#n, and di* a deduction. 
If all the arguments have the correct format, and d is a valid deduction 
proving c starting with g, then the value of proofchk is T. Otherwise it is F. 

We have already specified an s- expression language for propositional 
formulas allowing AND and OR to have an indefinite number of arguments. 
The format of the arguments of proofchk is as follows: 



A list of propositional formulas. 
A single propositional formula. 

A list of steps. Each step is a list of three items. The 
first item is a number. The steps are numbered con- 
secutively, 1, 2, 3... The second itehls is a formula. 
The third item is the justification for this formula. It can 
be (i) GIVEN, <ii> TAUT, or (iii) (MP m n). where m and 
n are numbers of previous lines. 
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Using the previous example, g = ((IMPLIES A B> (IMPLIES B C) 
(IMPLIES C D) (OR A E> (IMPLIES D G> IMPLIES E G)). c = G and d = 
((1 (IMPLIES A B> GIVEN) (2 (IMPLIES B CNSIVEm . . . (20 (IMPLIES 
(IMPLIES E G) G) (MP 18 I9-)> (21 G iMF 6 20))). 

For a deduction to be valid, it must have the correct syntax and in 
addition: 

1. If the justification for a step is TAUT, then the body of the step 

must be a tautology. 

2. If the justification for a step is GIVEN, then the body of the step 
must be a member of the list g. 

3. If the justiftcatkm for a step is (MP m n). then letting the body of 
the step be p, and letting the body of step m be a. the body of step n must be 
(IMPLIES a 0). Furthermore both m and n must be lees then fee number of 
the step being justified. 

4. The body of the last step must be e> fee conclusion. 
A recursive definition of proofchfc fotkM—t 

proofchkft; «* *?* wfllie$g J A wfffej A wfstsuiteldj a -nnuUId} a 
atmpotiintM* e-drflast^)f » -* a ps^ofuhklfg, d> d] 

wffliajx}* Npei*}*T»«m^*FsT**l^^ 

sljxj«- -tatomlx] a nullfedrfxJJ 

s2fxj *• -ratomfxj a sifcdrfxfj 

s 3 [x } *• -ratomf x J a 8 2 f cdr fx JJ 

wfsteplisjxj - rnullfxl -» T. atom|xi * F, T -♦ wfstepjcarfxj} a 

wfsteplis[cdr[xIJJ -* - 

wfstepfxf*- s9fxJA numfcarprftA wfffesdrjxJJA wfjuatfcaddrfxfl 
wf justfxj ♦- x ■'* GIVEN v x » TAUT V jtftffcjA carixT = MP A 

nttmEea4r{xftA ttim sfc*ddtf|xJtf 

steporder^] * {sit*l -* T» T *«»**fx$+ 1 * caadrfxl A steporderfcdrfx}]] 

proofchkllg^d* qj«- faullfq} :-• T, T •* stepchkfg, d, car fall A 
proofchklfg.d.cdrfqJJI ,—,*.«, 

stepchk(g.d,s}* fcaddrfsj * TAUT -» tautfcadrfsRcaddrrs] = GIVEN -» 
memberfcadrfsL g], T •♦ mpchk{«l. s. caddr[s]]J 

mpchkfd. s jj - caarfd) * cadrfJJ A cadrfj} < carfsj a caarfd} * caddrfjl a 
caddrfo) < carfs) a cadrffetchfcaddrtj], dJJ = listflMPLIES. 
cadrffetchfcadrljj. dJJ, cadr{sj] 

lastfxj *- [slfxj -» carfxj. T * last[cdr[xf]] 

rotc:h|n. x] *- |nullfx| ■♦ NIL. n = caarfxj -► carfxj. T -♦ fetchfn. cdr[x||] 
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Problem 13 

If you have access to an interacting LISP system, program a more 
practical proofchecker in which you can specify the given and the desired con- 
clusion, and then enter lines of proof. The program should give diagnostics 
when it does not accept lines offered to it, and let you try again. 

There is a difficulty with this method of proof that prevents us from 
making deductions in a reasonable length of time in certain cases where we 
would expect to be able to do sofi i Suppose « fe) a formula containing 40 
different prepositional variables, It, sho^d beeaey po show that a v -.a is a 
tautology. But if we set taut to check whether this is a tautology, then it 
will try to form a list of 2 40 interpretations and will fail on any existent 
computer. 

One way around this difficulty is to make use o£the 4de* of substitution 
instances. If a is any formufa* .then P^^iim^m^^^Hm^mp&amonAl 
variables w*th formulas &Mm$n*m*am*to*k4mMme* efthe original 
formula. If a particular prepositional variable jtejiefbe replaced, then all 
occurrences of it must bexeplaced, and mu## h«trejSUee<fcby th# same 
formula. For «*»pple. ^.fubstitutio* instance of A^J»"3> A\ could be 
(C v D) A ((B * D)P(C V p)X , 

A substitution iestajae* of a tautolQgj? i^flfrayev* tautology. So we 
can add to our deductive sya,tejm for the propMi^onal logic one more rule of 
inference: • . ,..-- ^V."7," ' 

Substitution rule: 

A line in a deduction is justified if it is a sub»«hition 
instance of a previous line, and that previous line ia a 
tautology. ' "' : ""'"'* -■■—--*-—'• ,.-!»-.-■■•• 

Problem 14 

Modify proofchk to allow for substitution instances of tautologies. 
The justification for such a line will have the fornj {INST n), where n refers 
to a previous line, whose justification is TAUT. 
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Preview of Chapter your 

This chafer «evek>os * theory of prepositional logic. The concep- 
tual framework, and even many of the .MflMtttfrtTOa^over directly to 
the theory of firs* order logie. ;? ; ..r,qo^ ■•«u:---i- i 

The theory aartaralty divides itself fart© two aspects. The first of 
these, calle^g^g^agr^a^^ and 

deductions, viewed a* formal objects to be rnMilpui»t>4 wttfaotrt any concern 
for ^t,*hey*jw.;i«s*ff^ ^1^»e*ott#*s¥*& of the 

theorv ^ modi tswmsftos* iia»s*i««i**^ to 

its intended meaning. The most important theorems for oar purpose are 
those that relate proof theory to model theory. 

§4.1 P roof Theory 

— — ' " I' ' ■" ' • run m ill 1 ' 

At any give* t*me. if u uMfai to Km*t the discussion of propositions! 
logic to those formula* mat contain only a partjeslar set of prepositional 

variables. 

Efefmition 4«- 1 

A vocabulary f s any hon-emp^y set of propositional variables. 

A language (of proposition*! logfe* is t^ *« of aH formulas containing 

only variables from ..a particular vocabulary. 
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A vocabulary may be finite or infinite. Every vocabulary defines a 
unique language. All languages are infinite sets even when based on a finite 
vocabulary. If the formula a is a member of the language L, then the 
formula ->a is also a member of L and vice versa. If the formulas a and0 
are both members of L, theh a a fi t a v ft, etc. are also members of L. 
Conversely, if a compound formula is a member of U then its constituents 
are members of L. 

When using logic as a deductive tool, we frequently select some set 
of formulas belonging to a language as the axiomatization of our subject 
matter. Such a set of axioms can be called a theory. We then want to dis- 
cuss those formulas that can be deduced within the theory. These are some- 
times called theorems. This motivates the following definitions: 

Definition 4. 2 

If L is a language, then a theory is any subset of L, If T is a theory 
of L, and o is any formula of L, then the notation "TH^" means that there 
exists a deduction (as specified in Chapter Three) such that every given 
formula of the deduction is in T, and the conclusion is or. We can read this 
as "a is deducible from T". The set of all a in L such that TKx is the 
set of theorems of T for which we write Th(T). 

Definition 4. 3 

The theory of T is said to be inconsistent if there is some formula a 
such that TK*, and TH-i<*. Otherwise T is consistent. 

Corollary 4. 4 

If T <= L is the empty theory, then Th(T> include^ all tautologies of L. 
If T -c L is inconsistent, then Th(T) * L. If T and R are theories of L, then 
(ThfT) U Th(R»c Th(T U R). 

Definition 4. 5 

A theory T c l is complete (in L> if for every formula « 6 L either 
either Tl-a, or TH-ia. 
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It is important to observe that the completeness of a theory is 
relative to the language of which it is a part* The theory is complete if all 
the formulas of L are provable or refutable from T, and none of them are left 
undecided. But the same theory may be incomplete with respect to a larger 

language. 

Definition 4. 6 

If T ci l is a theory, and 06L, th^a if neither T>«, nor T>-»a, then 
a is said to be independent of T. 



We have seen that formulas may be divided into three classes, 
tautologies, inconsistent formulas, and those that are satisfiable but not 
tautologies. Given any consistent thedrjr^ m the language L, the formulas 
of L can then be divided into three disjoint classes relative to T: (i) those 
that are deducible ftforo T, which includes the tautologies, as a subset, 
(ii) those whose negations are deducible from T. w^|ph we can call the 
formulas refutable from T and which includes all the inconsistent formulas 
as a subset, and (Hi) those that are independent of T. If T IS a complete 
theory, this last class is empty. 



tautologies 




inconsistent 
formulas 





T is incomplete 



t IS complete 



•If 



Problem Set 15 



1. Which of the following theories are inconsistent? Which are com- 
plete within the smallest language containing them? 

a. A b. A v B 

' -iA v -,b 
-iB = C 

c. A v b d. A 

-iB -iB 

C 

2. Prove that if T is any consistent theory in L, there is a theory T 
in L which is complete and consistent, arid such that T ct', 

3. Show that every complete theory has a canonical form. 

The main theorem of this section is known as the deduction theorem 
(for propositional logic). It is the formalization of the intuitive proof tech- 
nique whereby when we want to prove a result having the form "A implies B", 
we assume A and then derive B. 

Both the statement of the theorem, and the method of proof are typical 
of proof theory. The statement of the theorem is simply that if a certain 
deduction exists (and a deduction is itself a formal object as defined in 
Chapter Three), then a certain other deduction must also exist. The proof 
of the theorem makes no appeal to the meaning of propositional ldgic, but 
merely describes how to obtain the second deduction if the first one is given. 
This is known as a constructive proof. 

Theorem 4.7 (Deduction Theorem) 
If T U {a}»-/3. then Ti-a = 0. 

Proof: The assumption of this theorem is that there is a deduction of the 
formula in which only the formulas of T and the formula a are justified as 
given. Let this deduction be the sequence of formulas fo, . . . , where 
^n = &' We sna11 use the method of mathematical induction to show that for 
each i, where U i s n , it is the case that TK* => p.. This is sufficient to 
prove the theorem, because T»-tt ^>0 is the desired result. 
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By the induction principle, it is sufficient to show that if Tl-e> =3 fi. for 
1 s: j < i, then TKtt ^ j^., There are four cases to consider: (i) if 0. is a 
tautology, then tt 3 #. is also a tautology, and so 'TNl 3$.. (ii) If 0. follows 
from jS and # k fey modus -ponens in the .given proof, where 0. is 0. P 0., and 
j < i, and k < i, then 'fey the induction assumption th& 3 0. and THa => (0 . 3 /SI). 
Then since (at =>£ ') 3<a 3 (? 3 f^» '-=»$*. ^>$^ is a tautology, by two applica- 
tions of modus -ponens we get ** 2>.#j. QH) If H| 1* Instilled as given in the 
first proof, and £. € T, then T^, and since ^ D <« o£.) is a tautology, by 
modus-ponens we get TH* 3 j8j. ttv) If #^ is ;ju*tified as a given in the first 
proof, and ^ is tt, then T*tt a^ because ^e formula {« 3«.) i« a tautology. 

A constructive proof usually t*|t* us more than i* required for the 
theorem. This |»TO©f, for *xampl<e, t«U* u» that the deduction T**« ^ ^ is 
computable from the deduction tf ii ffclNL Moreover, the second deduction 
is at most three times as long as the first, ?** as^osite of * constructive 

proof is an existential 'jBrttot, .■ 

Problem 16 

Let T be Hi* theory {A a », »»C|,' "Has*. T ¥ |A|*€, and we write 
out this deduction in mil; 

1* A given 

3* A 2> B ftven 

s* ' b < Mp i, a 

4, 8»C gtvwti 

5. C Mp $, 4 

The deduction theorem tells us that 9>A & c. Obtain mis deduction by 
following the construction given toi 1fc* proof of th* deduction theorem. Is 
there a shorter deduction for T+ A =>C1» 

§4.2 Model T heory 

While proof theory is concerned with me properties of deductions, 
model theory is concerned with the meaning of the formulas. A formula is a 
logical compound of propositions, each of which is regarded as true or false 
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in some context. The purpose of a model is to supply that context; therefore: 

Definition 4. 8 

A model in a language L is a function from the vocabulary of L into n. 

If the vocabulary of L is finite with n members, then there are 2 n 
different models for L. If the vocabulary of L is infinite, then there are 
infinitely many models for L, in fact, uncountably many. 

If M is a model in the language L, and a t L. then M assigns a truth 
value to each variable occurring in a. Then, using the truth tables for the 
propositional connectives, or else using some procedure such as propeval of 
Chapter Three, a truth value can be assigned to a. 

Definition 4. 9 

If a evaluates to the value T using the model M then we say that M 
satisfies a, and we use the notation M M |=o" to express this concept. 

Corollary 4. 10 

If M is a model in L, and a 6 L. then either M |=a, or M Ha. If for 
every M in L, M \=a, then a is a tautology. If there is at least one model M 
such that Mf=a, then a is satisfiable. If there is no such M, then a is 
inconsistent. 

Definition 4.11 

If T c l is a theory, and M is a model in L, and if M |=a for every 
a 6 T, then we say that M is a model for T, or M satisfies T, and we write 
M|=T. 

So far, we have used the symbol " |=" to relate models to formulas or 
theories. We can also use " f=" to express the idea that in any context where 
the theory T is satisfied, the formula a is also satisfied. 

Definition 4. 12 

If T c l, and a € L, and if every model in L that satisfies T also 
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satisfies a, then we say that T semantically implies or semantically entails 
a, and we write T \= a. 

It is important to realize that TJ=a, or T semantically implies a, is 
not the same thing as saying T**«, or <* is deductible from T, at least not 
until we have proven this to be the case. 

The main result of this section is the compactness theorem, a rather 
surprising result when first seen. Suppose some infinite theory is not satis - 
fiable by any model. One might think that this is a property of the theory as 
a whole. But the compactness theorem states that the unsatisf lability can 
always be localized to some finite portion of the theory. 

An unsatisfiable theory is one that has no model. An inconsistent 
theory is one for which there is a formula H such that both a and -19 can be 
deduced from the theory. The fprnier concept is model theoretic, while the 
latter is proof theoretic, if a theory is inconsistent, then it is obvious that 
some finite sub -theory is also inconsistent because the deduction of the 
inconsistency had to come from finitely many given formulas. But we have 
not yet proved that unsatisfiable and inconsistent are equivalent concepts. 
The compactness theorem is a result preliminary to proving this. 

Theorem 4. 13 (Compactness Theorem) 

If a theory is unsatisfiable, then it has a finite sub-theory which is 
unsatisfiable. 

Proof: If the theory T is finite, then the theorem is trlwial because the sub- 

theory T is taken to be T. The theorem did not promise that T was a 

proper subset. If the vocabulary of T is finite, then there are 2 n models 

where n is the number of prepositional variables in T. None of these models 

satisfies T, and therefore each one falsifies some formula of T. This set 

of formulas is not satisfiable, and is the required t'. 

Suppose the vocabulary of T is infinite. Let the propositional 

variables of T be enumerated in some order as the sequence a , a , . . . We 

shall call a function from some initial segment of this sequence into IT a 

"partial model". A partial model assigns truth values to a, thru a for some 

1 n 

n 2 0. We can picture all partial models as nodes on an infinite tree. The 
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first node is the empty partial model. The next level containing two nodes 
assigns T and F to a^ and the third level containing four nodes assigns T 
and F to & 1 and a g in 4 different ways, etc. 




A partial model assigns truth values only to those formulas of T 
whose propositional variables are among those that the particular partial 
model interprets. If a partial model interprets at least one formula of T as 
false, it will be called a "terminal". We now "prune" the tree by cutting 
off all nodes that are descendents of terminals. If the pruned tree has 
finitely many nodes, then for each terminal we select a formula which is 
falsified by that terminal. The set of these formulas iff the required finite 
T , because if M is any model, then some initial sequence of M is the same 
as some terminal. So there is a formula in t' which is not satisfied by M. 
Therefore T is an unsatisfiable theory. 

Now suppose that the pruned tree after eliminating descendents of 
terminals is still infinite. Then there must be gome infinite descending path 
passing through infinitely many nodes. This is because if the tree is infinite, 
then either the left or right half of it is infinite. Then either the left or right 
half of this half is infinite, etc. But such a path constitutes a model. 
Furthermore, this model does not falsify any formulas since none of the nodes 
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it passes through is a terminal. So this model must satisfy the theory T 
contrary to assumption. Therefore the pruned tree cannot be infinite. 

§4. 3 Consistency and Completeness 

We now use model theory to critique the consistency and completeness 
of deduction. We want to sbov (i) tfiat deduction only allows us to obtain con- 
clusions that are semantically justified, and Ui) that all such conclusions can 
be obtained by deduction. 

Theorem 4. 14 (-Consistency Theorem) 

If T c L, e£L and T^» $*en T'b*-. 

Proof: Let .«,,...,,-« = &. toe a deduction taf m foom T. By ttee induction 

l n 

principle, if we can show that Tj^cr.. for 3 < i implies T.|=«.» then we can con- 
clude that T^«. for each i, and, in particular, 'T^at» Taere are three cases: 
<i) If a . is a tautology, then T^*. becaatse all models of L satisfy a . . (ii) If 
a . is given, then «a. € T and so T|»*.. IM& If «l Jo^ows from * 4 and a, by 
modus -ponen*^ wliere «. *s «„ 3> tie** then tsgr tine i»ittctiafla hypothesis,, T^a . 

and T ^« . ^ a,, so if M|=T r , then mI# 4 mad Mb** ■ : »*- Froaatfee truth table 

3 * ' J- ■ 3 * ' 

of "=>", it is seen that M^a.,, and so Tf=«... 

Lemma 4. 15 

If T ,(=a, then there .is a finite subset T of T such that T $=«. 

Proof: T U {-itt§ is an imsatisfiable theory, since every model that satisfies 
T also satisfies tt, and therefore does not satisfy -"Ma. According to the 
compactness theorem, there is a finite Subset of T U Ha 3 which is also 
unsatisfiable. We can always include -rat in ibis set, so it can be written 
t' U '{-«(*} where T*CT is finite. If Kt|=T' # 'Saen M cannot satisfy na, and so 
Mf«. Therefore T% «. 

Theorem 4. 16 { Completeness Theorem) 

If T c: l, a € L, and T.f*x, then T*«. 
Proof: By lemma 4. 15 there is a finite T c: T such that T'|=a. Let t' = 
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{0 r ...,0 2 }. Then ^ 1 3 (^ 3 . . .(/3 n 3 a ). . . ) i s a tautology, and there is a 
deduction starting from this tautology, introducing each ,8. as given, and then 
detaching it from the tautology using modus-ponens, such that the conclusion 
of this deduction is a. 

Corollary 4. 17 

If there is at least one formula that cannot be deduced from the theory 
T, then T is satisfiable. 

Problem 17 

Prove corollary 4. 17. 
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CHAPTER FIVE 
RECURSIVE FUNCTIONS AND SETS 



Preview of Chapter Five 

This chapter continues from where we left off in Chapter Two. 
There we formalised the notion of a recursive function, and showed that 
there was a universal recursive function apply. In this chapter, we continue 
the discussion of recursive function theory by demonstrating that there are 
perfectly well defined functions that are not recursive. It is surprisingly 
easy to get such a result once we have a universal function. The theory 
goes a bit further by showing that there are functions that are in some sense 
not even halfway recursive. 

§5>1 Recapitulation 

To summarize the reHults of Chapter Two briefly, the following 
schema represents a sequence of n recursive definitions: 

^1 ^m^h 

*n l5 l ^J^ 

Such a sequence defines n partial recursive functions, gives them the names 
(fi thi*u0 , and specifies procedures for computing these functions which 
terminate with a value whenever the partial function has a value, and are 
otherwise undefined or fail to terminate. The recursive function specified 
by the procedure may not be the one we expect, but it must exist because the 
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behavior of the procedure is taken as its definition. 

There is furthermore a well-defined effective method of coding a 
sequence of recursive definitions into a single s- expression, and there is a 
partial recursive function called apply such Jfchfct if f is the coded s- expression 
just mentioned, and^j has exactly k arguments (that is, nij = k), and (* 1 thru 
a fe are any s -expressions, then: 

^["l \) ~ applyI/3, listfttj. . ... fl^lj 

where the symbol "^" here means "strong equality" in the sense that either 
both sides have the same value, or both sides are undefined. (We can also 
compute any other of the ^merely by putting its definition first when coding 

/3.) ' . '■ " . '"' : ' : ' " /: ; 

§5.2 Turing's Halting T heorem 

A. M. Turing first proved this halting theorem using his conceptual- 
ized computers now known as Turing Machines. He showed that there is no 
computer that can always predict whether or not another computer will halt or 
continue to run indefinitely* after stud^-i^g ^ state of 

that other computer. It is assumed here ffeftt^ifctHMfntetP have access to an 
unlimited supply of initially blank auxiliary storage. Of course a computer 
can predict that another computer will halt i»3r simulating its behavior until a 
halt is encountered. But there is no way to do this without danger that the 
computer doing the simulation will itself not halt in some cases. A proof 
along these lines ©an be found in {Davis]. 

We define the total binary predicate feal^x. y] as follows: If applyfx. y] 
is defined, then halt [x, y J is Tj otherwise halt fayliBFi: 5 The predieaje halt 
is certainly meaningful and well defined. But we have not specified any 
effective means to compute it. 

Theorem 5. 1 (First Halting Theorem ) 

The predicate halt is not recursive. 
Proof: Suppose, to the contrary, that halt is recursive. Then there is a 
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sequence of recursive definitions, the first of which computes halt, and the 
rest of which are auxiliary functions for bait. Then we can define the 
recursive function (ftag as follows: 

diag[x} * [halt(x» list[x}J -» list{apply[x» list[xJ}J, T -» NIL] 

The function diag is recursive because it has been effectively defined from 
apply and halt both of which are, or are presumed to be, recursive. 
Furthermore, diag is a total function because halt is total, and while apply 
is not total, it only gets to see mass, arguments C«rtHie4. by halt as producing 
a value for apply. Because diag is recursive, its definition can be coded 
into an s- expression which we shall call diag*. This is a list of the trans- 
lation of the recursive definition of diag mriHfa'.ttomi, followed by the 
definitions for halt snd its ssuaSliarf funeHsns, and apply and its auxiliary 
functions. Now consider the value of dtofjdiag* % 'Ittfa^MOssi must exist 
because diag is total. Therefore, by the interpreter theorem, apply (diag*, 
list£diag*]j must be defined and have the same value, and hence haltfdiag*. 
list Jdiag* J} is T. But the* from me recursive deftnstfon for diag, we have: 

dtagfdiag* J * list [apply [diag*, liatfdiag* )j J * listfdiagfdiag* JJ 

This is a contradiction because it asserts that soins s^expression is equal to 
list of itself. This is like having a number a such that n = n*. Since we have 
arrived at a contradiction using corset rsssottftng* we must conclude that 
our original premise mat halt Is recursive is not true. 

This proof is confusing at first sight. If you study it carefully, you 
will see that it is really no different in its basic technique from Cantor's 
diagonalization proof that me real numbers are not countable. That is why 
we have called the self- applicative function "diag". Most undecidability and 
incompleteness proofs involve some sort of diagonalization technique. 
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§5. 3 Recursive and Recursively Enumerable Sets 

Definition 5.2 

A set of s-expressions is recursive if there is a total unary recursive 
predicate which is T for members of the set, and F otherwise. 

Since the numbers are a subset of the s-expressions, this definition 
extends to numbers. For a set of numbers to be recursive, it is sufficient 
to have a predicate which is defined only for numbers, and is T for members 
of the set and F for numbers that are not members of the set. This is 
because the set of all numbers is recursive using the basic predicate num. 

If a set is recursive, then there is an effective test for membership 
in the set which terminates either way. We have just proven that the set of 
all s-expressions x such that apply[car[x], cadr[x]] is defined is not a 

recursive set. 

There is a weaker condition than recursiveness called recursive 
enumerability. It applies to sets where there is a membership procedure 
that always terminates when the answer is yes, but may not terminate when 
the answer is no. 

Definition 5. 3 

A set of s-expressions is recursively enumerable (abbreviated to r. e. ) 
if it is the set of values for some total unary recursive function defined on the 
domain of numbers. 

This definition creates the picture of a machine that runs continuously, 
and from time to time prints out some s-expression. Every s-expression 
that is a member of the set will be printed eventually, and only members of 
the set will be printed. There may be repetitions. But we cannot always 
conclude that some s-expression is not a member of the set, because we may 
not have waited long enough. This is a good intuitive view of recursive 
enumerability. 
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Definition 5. 4 

■— *i T"« IMP *Pf ■■■■——»—■— 

A predict is y^fMi^e^ t f^^^f^jfm, set of arguments for 
which it is T is r. e. 

There are many alternative definitions for a r. e, set* some of which 
are given in the following corollary. 

Corollary 5. 5 

(a> A set is r. e. if ami only if it ie the range (set of values) of some 
total recursive function. 

(b) A set is r> e. If a*4 offty if tt tip ttie range of some partial 
recursive function, 

(c) A set is r f e. if and only if it is the domain of definition for some 
partial recursive Amotion (u e. . the set of s-e*pre*eioae on whicfc the parcel 
function is defined). 

(d> if a set is r. e. and its complement is also r* e. . them both are 
recursive. (This means complement with reapee* to the sat of all s-exprea- 
sions. but it is also true if we take a complement with respect to the set of 
numbers, or any ottear rec^l?i4v« aet # ) 

Problem Set i f 

1. Prove all the parts of corollary 5. 5. 

2. Show that halt is a r. e. predteat*. 

3. Using theorem 5. i, and eoroliary g. *y part (d), specify some set 

which is not r. e. 

The last result of the chapter is a stronger halting theorem in which 
we demonstrate the existence *# a predicate that ia net «*e*>vt e. We define 
the total unary predicate totfx} to be T if and only if x is a sequence of 
recursive definitions which is syntactically well formed, and furthermore 
specifies the computation of a total unary function of the s- expressions. 
Totfx] is F if x is not a well-formed sequence of definitions, or if it defines 
a non-unary function, or if it defines a non-total function. Tot itself is never 
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undefined. 

Theorem 5. 6 (Second Halting Theorem) 

The predicate tot is not r. e. 

Proof: Assume to the contrary that tot is r. e. Then the set of arguments x 
such that tot[x] is T is a r. e. set, and there is some total recursive numeric 
function totenum which enumerates this set. Now consider the function diag2 
defined by: 

diag2[x] «- [num{xj «• list fapply [totenum [x J, list [xftj. f ■♦ NIL] 

Given our premises, diag2 is evidently a total unary recursive function. 
Letting its definition sequence be the s- express ion diag2*. we have 
tot[diag2*] = T. Therefore, there is some number ktodt that iotenum(kJ * 
diag2* . Then diag2 [k ] = l^st(apply [diagf?*, HstCkJJ J . * Uf^dia^ 0c }L This is 
a contradiction, so the initial assumption that tpt is r. e. must be false. 
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Once again, the distinction between a rope and a snake had proved too 
subtle for Western logic. 

-The Adamantine Sherlock Holmes - 



CHAPTER SIX 
FIRST ORDER IjQCttC * ISffHaDtJlGTlON 



Preview of Chapters S|^ Seven atid Siffhi 

Chapter m* iirtroduciwr the language*, tfc#Wies aftd models of first 
order logic. It contains some basic definitions, inW'an intuitive exploration 
of the subject to develop skill in handling formulas and their meanings. No 
deep theorems are proven. 

Chapter Seven defines and develops the theory of deductions. With 
the exception of the consistency theorem, all of Chapter Seven is proof- 
theoretic and constructive in nature, It contains all the basic results on 
provability that we shall need for the rest of the book. Chapter Seven is 
long and contains many difficult exercises. This seems necessary in order 
to develop some practical sense about deduction, which theoretical study 
alone is not likely to do. 

Chapter Eight starts with the completeness theorem which is the 
central topic for the classical study of first order logic. The completeness 
theorem is then extended to logic with equality, and some consequences of the 
completeness theorem having philosophical implication are discussed. 

§6, l Languages, Formulas an d Sentences 

First order logic is much more subtle than propositional logic. In a 
certain theoretical sense, it is sufficient to represent any completely formal- 
ized process of deduction. Let us consider a very trivial deduction: Bowser 
is a dog. All dogs are mammals. All mammals are vertebrates. There- 
fore, there is at least one vertebrate. Each of these sentences is simple 
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rather than compound. If we call them A, B, C and D, respectively, there 
is no way to deduce D from A, B and C using proportional logic. The 
internal relations that make this an evident deduction are simpjy not available. 
These statements can be formalized in first order logic as follows: 



A 
B 
C 



D 



dogfBOWSER] 
Vx(dog[x] => mammal[x]) 
Vx(mammal[x] 3 vertebratefx]) 



3x(vertebrate[x]) 



When we define deduction in first order logic, it will be seen that there is a 
deduction of D given A, B and C. 

In this example, there is a variable, x, an object, BOWSER, and 
three predicate names. A slightly more complicated example, containing a 
function name in addition to a predicate name is: The number three is not 
even. If a number is not even, then it is odd. If a number is odd, then its 
square is odd. Therefore there is some number the square of whose square 
is odd. 

-ieven[3] 

Vn(-i even [n ] => odd [n]) 

\/h(odd[n] 3 odd [square [nj]) 

3n(odd[square[square[n]]]) 
This is also a valid conclusion in first order logic. 

Definition 6. 1 

A function name is an identifier. 

A predicate name is an identifier. 

A vocabulary for first order logic is a non-empty set of predicate 
names, and a (possibly empty) set of function names, together with a number 
(so) for each name called the degree of that name. 

The purpose of the degree is to specify the number of arguments a 
predicate or function has. 
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A term is: 

(i) a variable 
or <ii)*(r 1 -.... # T n l 

where <p is a function name of degree n, and each of the t. is a term. (Note 
that this definition allows terms of arbitrary depth. Also, if the degree of 
<p is 0, then <p[] is a term. A 0-*ry term is called a constant. ) 

An atomic formula is +[Ty . . . ,T J, *fi*re ^ is a predicate name of 
degree m, and each t^ is a term. (Note that predicate names occur only 
outside function names, and that predicate names cannot be nested within 
each other. Also, if the degree of $ is 0, then $f] is an atomic formula. ) 

A formula 1st 

(1) an atomic formula 

or (ii) -i(a) 

or (iii) (or) v <£) 

or (iv)«*)A<0) 

or <v)(«)=><0) 

or (vi) (a) « (?) 

or (vii) VWo) 

or (viii) 15(a) 

where a and fi are formulas, and 5 is a variable. The symbols V and 3 are 
called the universal quantifier and the existential quantifier , respectively, 
and can be read as "for all" and "were exists". 

Informally, we shall relax this grammar in several ways. We may 
drop some of the parentheses when this does not result in ambiguity for the 
reader. We do not specify associative grouping for : "#' and "A" t since this 
makes no difference. We assume that "3" associates from the right, so that 
p[x J = q[xj = r[x} means pfxj => <qfx] => rfx)). We use term* containing infixes, 
prefixes and suffixes in the same manner as in Chapter Two. Finally, we 
use objects as terms, which saves us the trouble of representing each object 
by a constant. 

Throughout this book we shall use the convention that when a quanti- 
fier and its quantified variable are followed immediately by a left parenthesis, 
then the scope of the quantifier extends exactly as far as the matching right 
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parenthesis. For example, 3x(p[x]) 3q[x] means (ax(p[x])> = q [ x ], and not 
3x«p[x]) => q[x]). 

Examples of Formulas: 

a. Vx(p[x] ^ q[x]) b. -»3n(n' = 0) 

c. (n + m)x p = nxp + mxp d. ax(p[xj) => lfe<p[x] => p[f[x]]) 3 

e. <-ip[]V-,q[.])«-,<p[]Aq[]) f. p [ x ] V p[g [ x j] v p[g[g[ X ]]] 

Definition 6. 3 

The set of all formulas using a given vocabulary is called a language . 

Definition 6. 4 

In a formula having the form V§(«) or 35(jf*). every occurrence of the 
variable § is a bound occurrence of g. It i^s boundby the jtn*14al quantifier of 
the formula unless it is bound by some quantifier in a. An .occurrence, of a 
variable that is not bound is fr ee. 

It is only meaningful to talk about a particular occurrence of a variable 
being bound or free with respect to a particular formula. For example, 
within the formula 3x<p[xJ>, the variable x is bound with respect to the whole 
formula, but free with respect to the subformula pfxj. In me formula 
p[x] ^ Vx[q[x]], the first occurrence of x is free, and the second and third 
occurrences are bound. In the formula %(pl[x, yj v tx(p2^,yi)). the only 
free variable (wf12i respect to the entire forntulaj ii me ft?8% occurrence of x. 

Definition 6. 5 

If a formula has no free variables (with respect to itself), then it is 
called a sentence . A universal closure of a formula a i& a sentence 
V5 1# . . V§ n (a) where the I. are all the distinct free variables of a. in any order. 

§6. 2 First Order Models 
Definition 6. 6 

Let L be a first order language. Then a model in Lr is a package 
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containing the following: 

(i) A non-empty set D called the domain of the model, 
(ii) For each function name <p of degree n, a function £:D n ■♦ D. 
(iii) For each predicate name i> of degree m, a predicate $:D m -♦ *. 

When we speak of finite, infinite, countable or uncountable models, we 
are referring to the cardinality of their domains. It is important mat the 
domain be non-empty, and that the functions and predicates that interpret the 
function and predicate names should be total. 

The significance of models is that they specify semantics for formulas. 
Consider a language L, a formula a € L, and a model M in L. Temporarily, 
we need another entity called an interpretation. Ah interpretation I for the 
formula «, and the model M is a total f unction from the set of variables 
occurring in a into the domain of M, Given M. I and or, we can define a 
valuation for every sub -component of or. The valuation of a term will be a 
member of D (the domain of M), and the valuation of a formula will be a truth 
value (member of ffc defined as follows: 

(i) If % is a term which is a variable,, than , V(M. I. 5) n «5). 
That is. the valuation of I is the >*tyg* iit D assigned to 
it by the interpretation I. 
if r is a term having the form f fr |( ♦ , . r ft J, then 
V(M.M-) «^V(li f jtr t )„ ## ^ Vm,U\nr { Thatis, the 
valuation of r is found by first obtaining valuations for 
the Tj, which will be members of D, and then using?, 
which is the function modeling the function name «>, to 
obtain a value in D from these i arguments. 
If is ah atomic formula *ff . ».».-,*'-' I then 
V7M. 1, fi) « ?mM. U r x U . . ". i vih. t^ m ) ). This is a 
truth value. 

(iv) The valuation of a formula having the form -i(0), 

m v (y), 0) a (», tf) d (>,). of 0) . {y) u ootained 

from V<M,Ii#) and V<M, I, y)u«4ng the truth tables for 
the prepositional connectives, 
(v) The valuation V(M. I, Y£(j&» is T if V(M, J, 0) is T for 
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every J which is an interpretation identical to I except 
possibly for the value it assigns to the variable §. 
Otherwise, the valuation of V$(£) is F. 
(vi) The valuation V(M, I, 3§</3)) is T if V(M, J, 0) is T for 
at least one J which is identical to I except possibly 
for the value it assigns to the variable 5. Otherwise, 
the valuation of 35(j3) is F. 

Proceeding from smaller to larger components in this manner, we 
see that a valuation V(M, I, a) is eventually defined. It is evident that the 
choice of the interpretation I is important only for the free variables in a, 
and that if a has no free variables, the valuation is independent of I. So if 
a is a sentence, we simply write V(M,a). 

Definition 6. 7 

If M is a model in L, and a is a sentence in L, then if V(M, a) = T, 
we say that M satisfies a, and write M |=a. 

If a is a sentence in L, and all models in L satisfy a, then a is valid . 
If at least one model satisfies a, then a is satisfiable . If no models satisfy 
a, then a is invalid . 

The negation of a valid sentence is invalid and vice versa. We could 
draw the same sort of chart for valid, satisfiable-but-not-valid, and invalid 
sentences of first order logic, as we draw in Chapter Four for tautologies, 
satisfiable-but-not-tautological formulas, and inconsistent formulas of 
propositional logic. In fact, tautologies are a subset of valid formulas, if 
we define a first order formula that is valid from its propositional structure 
alone to be a tautology. Similarly, propositionally inconsistent formulas of 
first order logic are a subset of the invalid formulas. 

So far, we have discussed only sentences. What about other 
formulas ? It turns out that there are two ways of regarding a formula with 
free variables. One way is to see the formula as belonging to some context 
which supplies interpretations or restricts the meaning of the free variables. 
For example, in the pair of formulas: 



•63- 



;«r«^^***-™§^^ 



2x+2y » 1 

2 2 , 

x + y * 1 

one probably wants to solve for all interpretations that satisfy both formulas. 
In the domain of real numbers, there are two of tbetn.' The other context for 
a formula having &ree variabiles is to regard the i&rwula as meaning the same 
thing as its universal closure. Wat eKvmpte? 

mlri x «- «wr* * I 

Here the meaning is that this asaertton Us tree tor *H at, i. e. , «*tsin 2 x + 

cos x = 1). 

Definition 6. 8 

For any formula tt . M^tx means that 3ft satisfies & closure of * . A 
formula is vaHd. satief table, or Invalid if Its closure is valid, sat iafi able or 
invalid, respectively. 

Two formulas *r and $ man epyivalent. «f« *£ is valiC 

Problem Set 19 

1. Classify each ef the tollowktg formulas as be4ng either valid, 
invalid, or satiaflafcl* but no* wattd. 

a. plt]v^ &, &B^fx# ^IBsCnJ*!) 

c. l*Cpt*P A ^ax<p|x» d. lx1^lc,y#2)1lyl^p{ Xf y^ 

e. x + y * y 4- x f , 1ta<-,p{x]) a ^t^pfct)) 

2. The sentence ¥k¥**%tfx-y | < 6 d {$*#- fty)] < c) interpreted on the 
domain of real numbers asserts $m;t is -a continuous function. . Write a 
formula that asserts that f is a uniformly continuous function. Does one of 
these conditions imply the other logically? 

3. Show mat each pair of formulas is equivalent: 

a. VS(ffiAft) y««)AVS<0) 

b. aS(a v fi) a §( tt ) v myft 

c. V§(«v^) Vg(*)v£' where fi has no free § 



d. aS(er=>/3) 

e. V ? (a3 0) 

f. ^a5(a) 



VS(-na) 



where a has no free § 
where /? has no free § 



(6.3 Theories 



Definition 6. 9 



A the o r y in a language L is a subset of L. 

If T 1 c t 2 , then we say that T g is an extension of T y and T. is a 
contraction of Tg. If L^ c l 2 . then we say that L 2 is an extension of Ly 
and Lj is a contraction of L„. 

If M ±a for all a € T, then M |=T. 

If T <=■ L, and if M |=T implies M>a for all models M in L, then M }=a. 

A theory is satisfiable if it has a model. 



M, 



Definition 6. 10 

Two models M^ and M„ in the language L are said to be first order 
equivalent if Mj |=a if and only if M 2 |=a for every a in L. We write M 
to denote first order equivalence. 

Let Mj be a model in the language "L , and let L 2 be an extension of 
L l* If M 2 is a model in L 2 wni °h has the same domain as M n and the same 
interpretations for all the function and predicate names of L-, then M„ is an 
expansion of My and Mj is a contraction of Mg. (The word "extension" 
applied to models has a different meaning from "expansion" and is not used 
in this book. ) 



Problem Set 20 

1. Prove that if T c L is a theory such that if a is any formula of L, 
then either T}=a, or T^-ia, then all models for T in L are first order 
equivalent. 

2. Prove that if T g c L g is an extension of Tj ^ h y and M 2 is a model 
in L 2 such that Mg |=T 2 , then there is a model Mj in L such that M |=T , and 
M 1 is a contraction of ML. 
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As an example of a theory, consider the theory of partial ordering, 
which belongs to me language having ©My the binary predicate "<" meaning 
less than. The theory is: 

-ix < x 

x<y'3.y< a'3x< a 

This theory can belong to any language containing '*fce predicate "<". Any 
model that satisfies this theory must be a partial ordering in the usual sense 
because these are the axioms lor a partial ordering. 

Suppose we extend this theory fey adding to it the formula 3y<x< y). 
This says that given any object, ifcer* is another object greater than it. Then 
there must be ano&ter vto ject g r ea ter than that,. mA so forth. By applying 
the second axiom, which is a transitive law?, we s«e that any object on this 
chain is < any object occurring further along the chain. The first axiom 
says that no object is < itself. IS© ie scan conclude that this theory having 
three formulas has only infinite models,. & is satisfied rather easily, for 
example, by ffl*e real mxatibetB, or ttue natural numbers, "-or the transfinite 
ordinal numbers, by letting < have its customary naeantag in each case. 

Another example of a theory is the theory of groups under addition, 
formalized in a language with the binary predicate T '=", the 'binary' -function 
'V, the unary function 11 -'", and the constant '&. 

x = x x+{y+iz) = (x+y) + z 

x = y 3 y = x x+Q = x 

x=y=>y= z=>x = a x+(- x) * 

x = y=>u = v3. x+u = y+ v 
x = y^> -x = -y 

Any model that satisfies this theory is a group. There are, of course, 
many different groups, and in seane models the pla« sign must be interpreted 
by an operation usually called multiplication, and *©*• must be intsrpreted by 
" 1 ' or "e". The axioms in the left column are the axioms for equality in the 
language {=, +, -, 0} . They are necessary to assure that we will be able to 
prove those things that we need to prove about equality. 
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Definition 6. 11 

Let L be any language containing the binary predicate "=". We call 
such a language a language with equality MeglcJaaanagas; that we study will 
be languages with equality, The theory? Ej-.xOr the theory of equality for the 
language L is the following set of axjoms: 

(i) x = x 

(ii) x = y3y= x 

(iii) x = y=3y=z=>x=z 

(iv) For each n-ary function name <p in L, the axiom 

x i = yi 3 --- 3x n = y n I3 * , t x i»--- x „J s vIy r ....y n ] 

(v) For each m-ary predicate name 4> in L, the axiom 

X l =y l 3 -'- 3x m = ym 3 ^x 1 .....x m ]o^ yi y m j 

The number of such axioms depends on the size of the language L. and 
might be infinite. The first three axioms are the theory of equivalence 
relations. The rest of them are necessary, as we shall prove later, to 
assure that we have axiomatized equality as well as is possible in first order 
logic. 

Problem Set 21 

1. What is the theory of linear order ings? 

2. What is the theory of semi-groups? Of abelian groups? 

3. Which of the following theories are satisfiable? Find a model for 
each satisfiable theory. Which theories have finite models? 

a. -ix < x 

X<y3y<zD x <z 

x < y 3 3w(x < w A Vz(-ix < Z V -iz < w)) 

b. The formulas of (a) and 3y(x < y). 

c. The formulas of (a) and 

3w3x(w < x A Vy<y < x 3 3z(y < z A z < x »). 
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d. The formulas of (a) and 

3x(w < x A Vy(y < x => 3z(y < z A z < x))). 

e. The formulas of (d) and 3xVy(-ix < y). 
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CHAPTER SEVEN 
FIRST ORDER LOGIC - DEDUCTION 



Preview of Chapter Seven 

We develop the mechanism for making formal deductions in first 
order logic. As with propositional logic, a deduction is a step-by-step 
process for obtaining a conclusion from given premises. It can be inspected 
for correctness by a proof-checker. Most of the theorems in this chapter 
are concerned with the existence of demonstrations, and have the practical 
effect of saving us time. They will also have theoretical applications in 
Chapter Eight. The mechanism of substitution, a necessary prerequisite, 
is discussed first. 

§7.1 Substitution 

In this book, we make a sharp distinction between, the words 
"substitution" and "replacement" which is very useful, but has not won 
general acceptance at the present time. Our notation, for substitution 
follows [Robinson]. We shall discuss replacement later in this chapter. 

The LISP function subst (see §2.2) is a good example of a substitution 
operator. Substfx, y. z ] substitutes x for aU occurrencee of y in z. Some- 
times, we wish to perform several substitutions simultaneously on the same 
object. For example, we may substitute Q for A, »nd & for B in the 
s- expression (A B C). in which case we get .(QR G). We can define a LISP 
function sublis that does this. The first argument is a list of pairs, and the 
second argument is the object of the substitution. The effect of each pair is 
to cause the first member of it to be substituted for ail occurrences of the 
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second member of it. So sublisf«Q A) (R B», (ABC)]MQR C). 

sublisfx, s] *- [atom [8} -» suhl{x,sj. T -♦ consfsublisfx, carfsj], 
sublis[x, cdrfxJUJ 

subl[x, s J «-(null[x] ■• s, cadarfxj =* s -»<c*arfsj, T -» sublfcdrfx], s)] 

Sublis performs what Is known as a simultaneous substitution . It does 
not substitute on that which it has already substituted. For example, 
sublis[((A B) (B A)), (A X B Y)] = (B X A Y). The alternative to simultaneous 
substitution is sequential substitution . In this case R ^t^a&es a; considerable 
difference what is done first. Thus substfA, B, subjst{B,.^, (AX B Y)J] = 
(A X A Y), but subst{i. A; substfA, B, (A X ''b T^lf = (B XB Y). 

For first order logic we shall need, to substitute terms for variable* 
occurring in formulas or terms, "tiffing for free 

occurrences of variables. An example ,^f .a substitution , ; |s /*> suba^te the 
term gfy] for all free occurrences of the ^risiup to the formuja p|xj=> 
ax(q[x]). The result is pfgfy}} o **<fa$. "J Because jhg ! ^raiic* of substitu- 
tion occurs frequently, we need a precise way of writing it, s^giayo^g 
explanations are not necessary. If « is any formula, r is a term, and 5 is a 
variable, then by a(T/$) we mean the formula obtained by subs^^^T for all 
free occurrences of § in a. We also allow a to be a term. ''to wftfci case all 
occurrences of * to a are free. We ckxttm speeffj* a itoiultaneous substitu- 
tion, where each patraet»!>^ 

pairs in SUBLIS. These are catted substitution ^^coA^ents . For example, 
if a is the formula pixj a q fyfc m&mWVi&ll£§1fyT% me formula pfg[y)) a 
qfftfoyH. '•-! ■■■ .--^>rfr. ■.■..• ■ :i 

In addition to not substituting for bound occtirrehces of a variable, 
there is another restriction to first order logic. <3oris#<tef the result of ' 
substituting giyj for all f ree occur reaOS of * in pffcjw Sylfqfyj ±r r f*j). The 
result is pfgfyjj A Syiqty} ^ rfgfy^. W* dsai^mW aii improper sulfation 
because the variable y in *{yj is captured by the quantifier #<&* second 
instance (from the left) where it i* Sebetftufed. Mordi^ that t«* substitution 
a(r/5) be proper, it4s necessary that wherever ^fbere -Is i¥ Wee occurrence of 
5 in a. it is not within the scope of any quantifier that binds a variable that 
occurs in t. When a( T /S) is proper, we, also say "r is free for 5 in a". 
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Examples: 

1. If we substitute y for x in Vx3y(r[x, y]). this is a proper substitution 
because no substituting occurs. There is no free x in the formula, and it is 
permissible for bound occurrences of x to be within the scope of a quantifier 
on y. 

2. If we substitute y for x in p[x, y] ^ 3x3y(q[x, y]), the result is 
Pfy. y] => 3x3y(q[x, y]). This is a proper substitution because wherever x is 
free, it is not within the scope of a quantifier binding y. although a bound 
occurrence of x is within the scope of a quantifier on y. 

Substitution plays an important part in the rules of deduction of first 
order logic, but in each case improper substitution is not allowed. We shall 
adopt the convention that substitution on formulas of first order i ogic is 
undefined if it is improper. In each case where a rule using substitution is 
given, the rule does not apply when the substitution is improper because no 
result is defined. 

Formulas of first order logic are translated into LISP as follows. 
The idea should be obvious by now. 

(i) If t is a term, then t* is obtained by using the same 
rules as for forms in the language of recursive 
definitions, For example, g[x, A J, where A is an 
object, is translated into (G X (Q&0TE A)), 
(ii) Atomic formulas are translated similarly, 
(iii) Composite formulas are translated into (NOT a*), 
(ORttj* ... or*), (ANDttj* ..-. aj), (EQUIV 
a j* a 2 *). (EXISTS 5* a*), and fFORALL 5* a*), 
where the a's are formulas, and § is a variable. 

Problem Set 22 

1. Write a LISP function sub which is the equivalent of sublis for first 
order logic. If a is a formula, theTj terms, and the ^ variables, then 
subllistflist^, 5 X ], . . . . list[r n , § n }]» a] is the formula a^/S^. . . , tJ^) if 
the substitution is proper, and NIL otherwise. 
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2 . Write a LISP predicate inst of three arguments such that 
instfa, S,0] is true if a is a formula, 5 is a variable, and there exists a term 
t such that the substitution a(r/S) is proper, and the result is fi. 

§7.2 The Rules of Deduc tion 

Definition 7. 1 

A deduction is a numbered sequence of formulas each having a valid 
justification. There are five types of justification: 

(i) Given 
(ii) Mpi.j 

For this to be a valid justification of line ri, it is necessary 
, that i < n, j < n, and if line (i) is the formula «, and line 
(n) is the formula 0, then line (j) must be the formula a =*0. 
(iii) Taut 

If a formula of propositional logic is a tautology, then me 
result of substituting formulas of first order logic for all 
its propositional variables is a tautology of first order logic. 
All occurrences of a particular propositional variable must 
be replaced by the same formula, 
(iv) Ql and Q2 

Ql and Q2 are axiom schemas for first order logic. Each 
schema represents an infinite set of formulas which are 
called the instances of the schema;. U a formula is an 
instance of Ql, then Ql is a valid Justification for it, and 
similarly with Q2. The schemas are: 

Ql: V5(a)z>a(T/5) 
Q& a(T/5):?as(«) 

where a is any formula, 5 is any variable, and T is any term, 
and a(r/5) is a proper substitution, 
(v) Q3 i, and Q4 i 

Q3 and Q4 are rules of inference for first order logic. The 
distinction between a rule of inference and an axiom schema 
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is that a rule of inference depends on previous lines of the 
deduction. Modus -ponens is also a rule of inference. 
"Q3 i" is a valid justification for line n if i < n. and there 
is an instance of the schema Q3 in which line (i) appears 
above the horizontal line, and line (b) appears below it. 
The case of Q4 is similar. 



Q3: 



tt off 



a=>V§</S) 

Q4: *=>« 

35(0) = a 

where fi is any formula, 5 is any variable, and a is any 
formula which does not conta in 5 free. 

" ' '" "" " " ' I i. ■ 

If T is any theory, and there is, a deduction in which only formulas that 
are in T are justified as given, and if the conclusion of the deduction is the 
formula a, then we say that there is a deductions* a from T. and we write 
THa. if there is a deduction of a in which no formula is justified as given, 
then we say that a is a theorem of logic, *nd we write >«. 

The following sequence of seven steps is an example of a deduction in 
first order logic: 

1- ty(p[x. y]) 3 p[x. y] Ql 

2. p[x.y]^3x<p[x„yj) q 2 

3. (Vy(p[x yj) 3 p [ x , y]) 3 ( p[x , y] 3 3x(pfx, yj)> o 

(^(p[x,y])3ax(p[x,yl)) Taut 

4. (p[x. yj 3 ax(p[x. y])) ^ (Vy( p [x, y]> = 3*<p[x. y])) Mp lf 3 

5. ^(p[x.y])=>ax(p[x.yj) Mp 2. 4 

6. 3xVv< P fx. y]) => 3x(p[x. y]) Q4 5 

7. Zx*y<p[x.y])^tyLx{plx t y]) Q3 6 

Since this deduction has no given formulas, we may write 
►3xVy(p[x, y]) => Vy3x(p[x. y]). 

The next example is a somewhat lengthy proof taken from the theory of 
formal arithmetic. It illustrates a great many points that will be made in the 
next few chapters, and you may wish to refer back to it. For the present, it 
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is simply an example of a formal deduction. We prove the sentence + = o' 
from four axioms which are the first four lines of the demonstration. As an 
aid to comprehending the organisation of the deduction, important subgoals 
are marked with an asterisk (*). 

1. VxVyVz(x = y 3y = z ^ x = z) Given 

2. VxVy<x = y ^ x =y ) Given 

3. Vm(m + 0=m) Given 

4. Vmm(m + n = (m + n) ) Given 

5. Vmmfm+n'^m + n/^WO'+n'MO'+n)') Ql 

6. m(o'+n'=(0'+h>') Mp 4, 5 

7. W+n'^lo'+nj'jao'+O'MO'+O)' Ql 

(*) 8. o'+o'=(0'+0)' Mp 6, 7 

9. Vm(m + = m)=> o'+0 = o' Ql 

(*) 10. o'+0=o' Mp 3, 9 

11. VxV 5 r(x = y3X / =y / )3V5K0'+0 = y3(0 / +0)'=y / ) Ql 

12. Vy(0 / +0=y3(0 , + 0)'=y / ) Mp 2. 11 

13. Vy(0 / +0 = y3(0 / +0) / =^ / )3 / +0=0 / 3 

(0'+0)'=0 Ql 

14. o'+0=o'3(0'+0)'=0" Mp 12, 13 
(*) 15. <o'+0)'=o" Mp 10, 14 

16. Vx¥yVz(x = y ^>y=z =>x=z) o VyVztoVo'^y ^ 

y = z =>o'+o'=z) Ql 

17. VyVzfo'+O^y^y^oo'+O^z) Mp 1, 16 

18. VyVz(0'+0' f y?y=z3 0'+0':*z)=> 

Vz(0+0=(0+0)3(o'+0)=r3 0'+0'=z) Ql 

19. Vz(0 / +0'=(0 / +0) / 3(0'+0) / =z3 / +0 / =z) Mp 17, 18 

20. Vz(0 / +0 / =(0 , + 0)'3(0 / +0) / =z3 0'+0'=z)=> 

.(0'+0'=(0'+0)'2(0'+0)'=0"30'+0 / =0 / ') Ql 

21. / +0 / =(0'+0) / 3(o'+0) / =0 / '=>0 / +0 / =0 // Mp 19.20 

22. (0'+0)'=0"3 0'+0'=0" Mp8.21 

23. 0'+0'=0" Mp 15.22 



We may safely conclude from this example that deduction is an 
extremely tedious process full of needless repetition of similar patterns, and 
that something must be done to speed it up. We shall consider this subject 
later. 
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Problem Set 23 



1. Show (by writing a deduction) that each of the following formulas is 
a theorem of logic: 

a. Vx(p[x] * q(x])3 0k(p[x]) * Vxtqfx])) 

b. Vx(p[xJ = q[x]) 3 <a*<p[x]) * &c(q|x])) 

c. Vx-ip[xJ = laxCpfx]) 

d. Vx(p[xJ A q [x}) s (Kx(p[x]) A \fe<q[x])) 

e. Sbc(p[xl V q[x j) * <a«6<p{x]) V 3rf q{x j)) 

f. ac(p[x] A q[ x] ) z> Oc(pfx]) A ac(q[xj)) 

g. Vx(p[x]) r> 3x(p[x]) 

2. Which of the following formulas are instances of Ql or Q2. and 
which are neither? Why? " 

a. fcc(p[x]) 3 pfx] 

b. ^C(pfx»y])3 P [y,y] 

c. Vx3y(p[x.yJ)3 1 y ( p fg[y] # y]) 
d - P[gfy].y]=>3x(pfx.y]) 

3. Define the unary LISP predicates axql and axq2 which are true if 
their arguments are instances of Ql or Q2 respectively. 

4. Define the binary LISP predicates riq3 and riq4 which are true if 
the second argument is derived from the first argument' by rules of inference 
Q3 or Q4 respectively. 

5. Modify proofchk so that it is a proofchecker for first order logic. 
The only modifications to #e format of a deletion are (0 TAUT must handle 
substitution instances efficiently, and there is ^en no longer a need for INST 
as a justification, (ii) the justifications Qi ana"Q3t must >e Idded. and (iii) the 
justifications (Q3 i) and (Q4 i) must be added. 

§7. 3 The Consistency Theo rem 

The statement of the consistency theotrsm for first ©?d*r logic is the 
same as the consistency theorem for proposition fe^p^theorem 4. 14). but 
the meaning behind jt is considerably more subtle. 
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Theorem 7. 3 (Consistency Theorem) 

If T c l, a 6 L and THa. then T \=ct. 

Proof: The proof is by induction and follows the same lines as the proof of 
theorem 4. 14. The induction hypothesis is that if T f=a . for j < i, then T f=a . 
where the deduction is the sequence a , . . . , or . Tlhere are seven cases to 
consider, and the first three are the same as in the previous proof . 

(iv) If a. is an instance of Ql, then it has the form V|(0) o 0(t/S). 
Let M be any model, and I any interpretation for the variables in this formula. 
If V(M. I; Vg(0)> is false, then M, I [=0^. If V(M, I, V&0)) is true, then V(M. J, 0) 
is true for any J differing from I at most at the variable §. In particular, 
there is that J that assigns to C the value which is V<M,I,T). Therefore 
V(M, I, 0(t/?)) is true because no variable in T is bound by quantifiers in 0, and 
so M, I ^a . in this case also. What we have shown, then, is that every 
instance of Ql is valid. 

(v) If o. is an instance of Q2, this also is valid, and the proof is left 
to the reader. 

(vi) If or. is derived from a .by the rule Q3, then Since j < i, the 
induction hypothesis is that T ^o .. Let a . be the formula <=■ y, where has 
no free ?. Then a. is the formula 3 VS(y). Let M be any model that 
satisfies T. Then M, I j=0 o y for all interpretations L Choose one such I. 
If M.I does not satisfy 0, then M.I^Oj. If M, I |*0 f then M, I \y also. But 
then M, J also satisfies where J is any interpretation differing from I at 
most on §, because has no free 5. So M, J also satisfies y for ail such J, 
and therefore M, I \*H(Y). So M, I \>a t in either case, and the conclusion is 
that T^a.. 

(vii) If a^is derived from ft. by the rule Q4, then since j < i, the 
induction hypothesis is that T p-a.. Let a . be the formula = y where y has 
no free §. Then ot. is the formula 3 Wb&y. Lff M be? any model that 
satisfies T. Then -M.l|»0 => y for all interpretations I. Choose one such I. 
If M. I |=y. then M, I j=a.. If M* T does not satisfy y, -then M, I does not satisfy 
0. Let J be any interpretation differing from I at most on §. M, J does not 
satisfy y because y has no free 5. So M, J does not satisfy 0, and since this 
is true for all such J, M, I does not satisfy 35(0). So M. I^a. in either case. 



-76- 



and the conclusion is that Tta.. 

' 1 

Corollary 7. 4 

If t-a, then a is a valid formula. 

Corollary 7. 5 

If the theory T is satisfiable (has a model), then it is consistent. 

§7.4 Existence of Deductions, Replacement 

Since deduction is a very tedious process, we would like to speed it 
up by introducing additional axioms and rules of inference. But, in fact, no 
matter how many additional* rules we introduce, there will always be more 
that we would like to have. If we were to introduce a great many rules right 
from the start, then the proof of the consistency theorem would be very long 
because we would have to consider each rule separately and show that it is a 
valid form of reasoning. Now that we have proved the consistency theorem, 
we can deal with new axioms, and new rules of inference in a different way. 
What we can hope to show for each one is that it is eliminable in the sense 
that if we have a deduction using such an axiom or rule, then there is an 
effective way of obtaining a deduction that does not use it, but which proves 
the same conclusion from the same premises. 

As a very brief example of this, consider the rule: 

Rl- « 3 May 
a ^y 

This is a derivative of the rule of modus -ponens which stated in this style is: 

ft 
Now suppose we have a deduction that uses the rule Rl: 

1. a -3/3 Given 

2. 0=>y Given 

3. a=-»y Rl 
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We know that this proof can be expanded to: 



1 . o => Given 

2. 0=>y Given 

3. (a 3 0) => </3 3 y) ^ (a z> y) Taut 

4. (j8 sy)3(o3y) Mp 1, 3 

5. aoy Mp 2, 4 



This can be done in every situation in which Rl is used, so we can say that 
Rl is constructively eliminable. The consistency theorem then guarantees 
the correctness of the rule as a method of reasoning. This not only shows 
that it is correct reasoning, it shows that the introduction of the rule does not 
alter any of the properties of first order logic that we may prove in the 
future, because the rule itself is not essential to any deduction in which it is 
used. 

Problem Set 24 



1 . Show that the following are constructively eliminable rules of 
inference: 

QX1: oTt7d QX2: ^swm 

QX3: T5T5T QX4: ^3g(a} 

QX5: m&r 

2. Rules Q3 and Q4 are necessarily stated as rules of inference, and 
cannot be treated as axioms. Show that the following schemas are not valid 
by describing counter-model for an instance of each schema. 

a. (a => 0) => (a 3 V§(0>) where a has no free 5. 

b. (iJ^a)^ (35(0) 3(K) where a has no free 5. 

The formulas a and a(C/5) are said to be similar if the variable C does 
not occur free in a, and if £ is free for 5 in a. When this is true, it will also 
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be the case that 5 does not occur free in a(C/S), and 5 is free for C in a(C/S). 
and a(C/S)(5/C) is the formula a. 

Theorem 7. 6 (Change of bound variables) 

If a and o(C/5) are similar, then i-tt(a)' » YC(a(C/S)). and KaS(a) = 
3C(a(C/5)). 
Proof: 

1. V5(a)3 a <c/§) Ql; Why i S this substitution proper? 

2. V5(a) 3 VC(a(C/5)) Q3 1; Can U(a) have free C? 

3. VC(o(C/5))=>a Qi 

4. vC(a«/S))3V5(a) Q3 3 

5. V§fa) = VC(a(C/5)) Prop 2. 4 
The 3 case is symmetrical in form. 

You will notice that as we acquire more techniques, deductions will 
become more and more condensed. At this point, there is, ^longer any 
reason to write out in full any sequence of steps that depends merely on 
propositional logic. We just write "Prop* and list the antecedents. 

The distinction between replacement and substitution is that 
(i) replacement refers to replacing of an entire structure df some sort by 
another, whereas in substitution we always substitute in place of something 
atomic such as an atom or a variable, an4 -fjltf'tf is noWecessary to replace 
all occurrences of a given structure, but onload many as we wish. The 
semantic justification for replacement is that something ma> be replaced by 
something else that is in some sense its equal or equivalent. The semantic 
justification for substitution, on thg other handV Is thaf we 5 are obtaining a 
particular instance of a general statement. 

An example of replacement is to take the formula o'+ o' = ( O'+O )' and to 
replace the underlined term with me term t) f . Our justification for doing this 
is that we have already concluded that these two ter^sar^ equal, i. e. , 
o'+O = O'.^ The result of the replacement is o'+O* = W or dropping paren- 
theses, oW = o". Another example is to replace the 'first occurrence of 
2 + 2 in (2 + 2)+ 2 = <2 + 2) + 2 with 4 because we already hive 2+ 2 = 4. This 
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gives 4 + 2 = (2 + 2) + 2. This is valid, even though we have not replaced all 
occurrences of 2 + 2. 

Now consider the substitution of 2 for x and 3 for y in x+y = y + x. 
This gives us 2 + 3 = 3 + 2, which is an instance of the general rule. 2 + 3 = 
y + x has no useful meaning because partial substitution does not accomplish 
the purpose of substitution. Notice, also, that it is not meaningful to 
substitute for a constant. 

It is important that entities that get replaced are proper sub -expres- 
sions in whatever context they appear, and not accidental pseudo-expressions 
caused by juxtaposition. For instance, if we start with the equation 2 + 3x4 = 
14. and then replace "2 + 3" with "5". we get 5x4* 14. which is incorrect. 
"2+3" is not a sub -expression of "2 + 3 x 4" because the conventional associ- 
ation is "2+ (3 x 4)". 
» 

Theorem 7. 7 (Replacement of Equivalent Formulas) 

Let a and be two formulas such that T Hot ■ j?.. Let y be any formula, 
and 6 be a formula that is obtained by replacing some (but not necessarily all) 
occurrences of a in y by 0. Then T^y *5, 

Proof: We begin the proof by identifying certain iuh-formulaa of y and 6 aa 
"corresponding components". If an o occurring fcj y is replaced by a in 6. 
then the a and the fl are corresponding component* . Any sub-formula of y 
which contains no occurrences of a that get replaced., and is not contained in 
a larger such formula is also a corresponding comj>pnent tq the sub-formula 
of 6 which is identical to it both in content and, in position. The formulas y 
and 6 are thus built up identically, starting with corresponding components 
using the propositional connectives and quantifier*. Also, corresponding 
components are either identical, or else one i$ a an^Jhe other is 0. m 
either case they can be proven equivalent from T, We proceed by induction 
on the number of propositional connectiyes and the quantifiers to show that 
this equivalence extends up to the formulas y and 4: (i) If y^ is -,y 2 , and 6 
is -.6 2 , and Thy 2 '■ ^ then T^ ■ ^ because (^ » AJ .=> (r^ ■ -.6^ is a 
tautology, (ii-vi) The cases for the other promotional connectives and the 
universal quantifier are left to the reader, (vii) If y 1 is 3J(y ), and 6 is 
35(6 2 ), and THy 2 * ^, then T^ * ^ because V*(y 2 = y follows by rule QX3, 
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and because Wl(Y 2 ' ty => (3S(y 2 ) = 3§(6 2 )). (See problem set 23, No. lb. ) 

Theorem 7.8 (Replacement of Equal Terms ) 

Let T be a theory with equality (i.e., E L c T). Let T. and T„ be 

terms such that TH^ = r g , let a be any formula, and let fi be a formula 

resulting from replacing some occurrences of r. in a by T_. Then TNa * p*. 

Proof: By induction on the depth of the terms in a. Let the corresponding 

components be terms, either Tj and the 1" 2 that replaces it, or identical terms 

that are in indentical positions in a and fa and are the largest possible such 

terms. If a and are corresponding terms, then they can be proven equal 

from T. Larger terms are built from these by function composition. Let 

^&J|, . . . ,a n ) and $[9^, . . . , 9^] be in corresponding positions, and by the 

induction hypothesis THa = 8j. Then these terms can be proven to be equal 

because there is an axiom in E T which* is x*» = y, ?.. ( 3x = y => 

•Li i l n ■'n 

fPfrj, . . . , x R J = ^fyj. . . . , y^}. Similarly, once all terms in corresponding 
positions are equal, the atomic formulas can be proven equivalent from the 
reflexive axiom of equality (x = y => y = x> and toe double application of the 

axiom E L which is Xj = y x => . . . = x m . . y m 5**fej,., . _, x m l = ^ Y m J. 

Once corresponding atomic formulas are proven equivalent, the induction 
proceeds as in theorem 7.7. 

We introduce one more derived rule of inference obtained from Q3 and 

Ql: 

a 



Inst: 



a( V«i w 



where the 5. are distinct variables, and toe substitution is proper. 
A shorter demonstration for +0=0 can now be given: 



1. m + = m Given 

2. m + n' = (m + n)' Given 

3. o' + = o' Inst 1 



4. o'+ o'= (o'+ 0)' Inst 2 

5. o'+o'=o" Replacement 4, 3 
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§7.5 The Deduction Theorem 

The deduction theorem for first order logic is rather subtle, and 
takes some effort to understand, but a correct perception of it will yield a 
lot of insight into the nature of rules Ql thru Q4. The most naive statement 
of the theorem is actually false. It is not the case that if T U («}»-/J, then 
Tt-a 3 for any formulas a and 0, If this were true, then since p(x]Hfe(p{x]) 
by QX3, it would follow that >p[x] P *x(p[x]), and then by another application 
of QX3, H¥x(p[x] 3 Vx(p[x])h But this sentence is not valid; it is not satis- 
fied by the model on the domain {©, l} where pfOJ is true, and p[l J is false. 

We have chosen to interpret a formula standing as a line in a deduction 
as being equivalent to its universal closure. In faet, the rules QX1 and QX3 
allow universal quantifiers to be added or stripped from the beginning of a 
formula at will as long as they take the whole formula as their scope. 

The trouble seems to be that when such an open formula is incorpo- 
rated into the left side of an implication, it is negated because a p/8 is the 
same as -ia v 0, But its implicit universal quantifier gets left outside the 
negation and causes the error. 

Theorem 7. 9 (First Deduction Theorem) 

If T U fa) \-0, and a is a sentence, then THcr => 0. 

Proof: By induction on the demonstration 0^ . . .,£ * 0. (Please review 

theorem 4. 7. ) 

(i) If 0j is a tautology, men so is a => 0.. 
(ii) If { is in T, then a => { is derivable from 0. h 
(iii) If 0. is a. then a => a is a tautology. 

(iv) If { follows from two antecedents by modus -ponens, then by the 
induction hypothesis a => 0. and a => (0 => fy are provable from T. Then 
a ^ 0. is provable from these by propositional logic. 

(v) If { is an instance of Ql or Q2 then a P 0. is derivable from 0.. 
(vi) If fi i follows from 0^ by an application of Q3, then 0. is y 3 6, and 
0. is y ^ V§(6) where y is a formula that has no free 5. By the induction 
hypothesis, THo => 0. or T»-a ^ (y => 6). From this we derive (a A y) o a. 
and then apply Q3 to get (a A y) z> V$(6) which is valid because a is a sentence. 
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and so has no free 5. From this we can get a 3 (y o V5(6)). 

(vii) If fi { follows from fi. by Q4, then fi is y => 6, and fi { is 3§<y) 3 6 
where 6 has no free S. By the induction hypothesis. TK* 3(y3 fi), f rQm 
which we deducey 3 (a => 6). Since a has no free S. we can apply Q4 to this, 
getting 3$(y) 3 (a 3 5) and then rearrange to get a 3 (a((y) 3 6). 

A formula is said to depend on a preceding formula in a deduction if 
there is a chain of antecedents working back to the preceding formula. If the 
conclusion of a deduction does not depend on one of the given formulas, then 
we could omit that formula and all its dependents without sacrificing the 
conclusion. 

A variable is varied in a deduction any time Q3 or Q4 is used with that 
variable being the C mentioned in the deduction rule. 

The fact that of the original rules of inference only Q3 and Q4 can vary 
a variable is quite significant. Suppose that the formula p[x) is given in a 
deduction. Without using Q3 or Q4 it is quite impossible to derive from it 
p[5 ] or Vx(p[x]) or p[y ]. Only these two rules have "the power to interpret a 
free variable universally. 

We stated earlier that the intended interpretation of the fact that fi is 
deducible from a is that the universal closure of a semantjcally implies the 
universal closure of fi. Let us consider a different interpretation. What if 
the interpretation of the deduction <*H/3 was that for any M and I if M. I f=a then 
M. I M? A study of the deduction rules and axioms of logic shpwa that all of 
propositional logic, including modus-ponens as well as Ql and Q2. preserves 
this interpretation. But Q3 and Q4 do not. 

So if p[x]hq[x], then we can certainly conclude that Vx(p[x]) 3 Vx(qfx]) 
using the standard interpretation of closure, if, in addition, the variable x 
is not varied in any formula that depends on pfxj. then x has remained 
constant, so we dan conclude usin ff the deduction theorem that p[xj 3 q f x] . 

Theorem 7. 10 (Final Deduction Theorem) 

If T U Ca}»-0, and no variable occurring free in a is varied in any 
formula depending on a, then TKa 3/3. 
Proof: We shall reconsider case (vi) of the proof of theorem 7. 9. and let the 

-83- 



reader do the same for case (vii). fi. is y '=> 6, where y has no free 5. and 
0. is y => 35(6) and is derived by Q3. If a does not contain free 5, then the 
construction described in the previous proof still works. On the other hand, 
if fi. is not dependent on a, then T»-0 , and so TH^. Then by propositional 
logic, T>a =>£.. 

The deduction theorem makes many deductions shorter to write and 
easier to organize conceptually. As a brief example, we demonstrate 
+ m = m. The third line is what is known as an induction axiom, and is 
part of the theory that this proof is taken from. 

1. m + = Given 

2. m+n'=(m+n)' Given 

3. (0+,0 = 0) 3Km(0+ro = m 3 + m' = m') o 

Ym(0 + m = m) Given 

4. + = Inst 1 

5. Vm(0 + m = m =>0 + m' = m') ^Ym(0+m = m) Mp 4, 3 
(6) 6. + m = m Assume 

7. + m' = (0 + m)' Inst 2 

(6) 8. + m'=m' Replacement 7, 6 

9. 0+m = m^O + m'+m' Discharge 8. 6 

10. Vm{0+msm30 + m'=m') QX3 9 

11. VmfO + m = m) Mp 10, 5 

12. + m = m QX1 

The rules for incorporating the use of the deduction theorem into 
formal deductions are: 

(i) There is a column for noting depejM|enciea (we locate it to the left 
of the line number-): 

(ii) When a line is justified by "Assume", its own line number goes in 
the dependency column. Several such lines may appear in a deduction, 
(iii) When a line has one or more antecedents under some rule of 
deduction, the dependencies of the antecedents are inherited. This means 
that a line that is dependent on several assumed lines will have the line 
numbers of all these assumed lines in its dependency column. (If a line is 
dependent on an assumed line through several different paths, the line number 
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s^t^^^S^^*^-*^ ■ 



of the assumed line still appears only once in the dependency column of the 
dependent line. ) 

(iv) A variable in a dependent line may not be varied if it appears free 
in any of the assumed lines that the dependent line depends on. This must be 
explicitly checked out when using Q3, Q4, or any rule of inference derived 
from Q3 or Q4. 

(v) A dependency is removed by the process of discharge in which the 
assumed line is introduced as the premise of a "a". The dependencies may 
be removed in any order. (Refer to the transition from lines 8 to 9 in the 
preceding example. ) 

(vi) Only an independent line (having nothing in its dependencies column) 
is a valid conclusion of a deduction. 

$7.6 The Choice Rule 

When reasoning informally, we sometimes prove that there exists an 
x having a certain property, and then say. "Let k be such an x. " If the 
constant k has not been used before in 'thlfif chain of reasoning, its interpre- 
tation has not yet been restricted in any way, so no problem is created by 
doing this. The choice of the name k is arbitrary, so if we succeed in 
proving some result that does not involve k, then we should be able to prove 
the same result without mentioning k. It is important to realize that 
inventing the name k does not introduce a new object into the model of one's 
subject matter. It is only a new name that is being cr**t«d, and it could turn 
out that the new name really describes an object already familiar under a 
different name. 

In first order logic, a constant is a function of no arguments. 
Properly, it should have a set of brackets followirtg it. So k[] is a constant. 
But often we omit the brackets for convenience. (In s- expression notation, 
which is more strict, a constant is enclosed by parentheses. For example, 
k[] translates into (K). This wfll always serve to distinguish a constant from 
a variable which would not have the parentheses, or ah object which would be 
translated as (QUOTE *). ) 
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Rule C 

Within a deduction, if we have obtained a line which is 
the formula a§(a), then we may derive from this the line 
a(<fi[]/l) where <f> is a new Q-ary function name. The justi- 
fication for the derived line is "Rule C j", where j is the 
line number of the first formula. If o has free variables 
other than § . then it is necessary not to vary any of these 
in any formula that contains the constant ^[j. 

The conclusion of the proof must be a formula that does 
not have any of the new constants <p[], 

A deduction may have any number of both assumed lines 
and applications of Rule C. 

» 

Example: 

(1) 1. Vx3y(p[x, yj a q { x , yj) Assume 

(1) 2. 3y<p[x,y]Aq[x,y]) QXl 1 

(1) 3. p[x,k]A qfx.k] Rule C 2 

(1) 4. p{x.k] Prop 3 

(1) 5. 3y(p[x,y]) QX5 

(1) 6. Vx3y(p{x.y]) QX3 

(1) 7. Vx3y<qfx.y}> Similarly 

(1) 8. *x3y(p[x.y])AVxay<q[x.y]) Prop 6. 7 

9. fcc3y(p{x. yj. A q{ x . y]) a (IxSytpfx, yj) A 

v xay<q[x. yj)) Discharge 8, 1 

Notice that the application of QX3 in line 6 varies x which occurs free 
in line 3. This is* valid because line 5 does not h*ve the constant k. If 
steps 5 and 6 are done in reverse order, i.e., 1x(p{x»kJ) and then 3y\fic(p{x,yj). 
the result is not valid. 

The validity of Rule C depends on the fact that any conclusion not con- 
taining the new constant names can also be derived from a demonstration not 
using Rule C, as the following theorem shows. 
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Theorem 7. 11 (Elimination of Rule C) 

If T»-a using several applications of Rule C, and a does not contain 
any occurrences of the constants introduced by Rule C, then T*a without using 
Rule C. 

Proof: We shall prove the theorem for the case that only one application of 
Rule C is made in the deduction, and let the reader extend the proof. 

Let line (i) be obtained from line (j) in the deduction by Rule C, 
where line (j) is 35(0), and line (i) is /3ty>[]/5). and 9 is a new constant. To 
show that Tl-a without the use of Rule C, we shall show that this is true for 
each line in the deduction which is dependent on line (i), does not contain 
the constant <p, and is the first line in its dependency path going back to line 
(i) not to contain tp. Let these lines be the formulas y^ thru y . If T*-y 
without Rule C for each such y, the conclusion follows. 

It is obvious that T U {fi(<p[]ll)}y.y without us* of Rule C. We can apply 
the deduction theorem here because we have explicitly staled that no variable 
occurring free in £(?[]/£) may be varied in any line containing occurrences of 
<p. Therefore, T>0(«|]/5)-3y. Now take any such deduction, and replace 
every occurrence of <p[] in U. with a variable { not occurring in either T or this 
deduction. The deduction is still valid, and its conclusion is ^(C/S) 3 y. By 
Q4 we get 3C(/3(C/S)) = y. But 35(0) is already provable in T, and so by some 
changing of variables and modus -ponens, we get Tl-y. 

Note: We did not consider the possibility that y depends on 0(<p[]/S) by 
two different paths, and that it has two immediate antecedents, and is the first 
formula in one path not to contain <p, but the other path has been free of <p for 
some time and may have varied some of the variables of fH<p[]fl). But the 
only rule of inference to have two antecedents is modus -ponens and if the 
conclusion of modus -ponens has no tp, then either both or neither of the ante- 
cedents have^, and so the situation does not arise. 

Theorem 7. 12 (Constant Extensions ) 

If T c L is a consistent theory, a is a formula in L containing only § 
free, and <p is a 0-ary function name not in the vocabulary of L, then 
T J (3§(a) 3 oc(<p[]/i)} is a consistent theory, and if € L is provable in this 
theory, then /3 is also provable in T. 
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Problem Set 25 

1. Prove theorem 7. 12. (Hint: You will need as a lemma >.3§(a ^ 
ft) 3 (a 3 3§(0)) when a has no free 5. The method of proof is similar to the 
proof of theorem 7. 11. ) 

2. Why isn't theorem 7. 12 valid if S§(o) is not a sentence? 

3. Theorems 7.7 and 7.8 state that: 

(i) a *i?Hy*6 
and<ii) Tj .* TgHo * 

where (i) 6 derives from y by replacing some occurrences of a with j3, and 
(ii) derives from a by replacing some occurrences of r. with T„. If these 
theorems are applied to dependent lines in a proof making use of the deduction 
theorem, then it is important to know which variables are varied in the 
deductions symbolized by "»- M in lines (i) and (ii> abov*. This is so that no 
conditions of the deduction theorem are violated. Precisely which variables 
are varied in these deductions? Why is line W of the' deduction following 
theorem 7. 10 valid? 
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CHAPTER EIGHT 
FIRST ORDER LOGIC - COMPLETENESS 



§8.1 Completeness 

The completeness theorem is simple to state, but leqgthy to prove. 
We want to show that if T^.' then TK*. It turns out that, if, w^ can show that 
every consistent theory has i model; then t^jcompleteness l^orem follows 
almost immediately. So given a consistent^theorem T. we want to obtain a 
model for it. Since we have to do this in the abstract, i. e. . for any fh&xy* 
the only stuff we have available for the purpose of building a model islhe 
vocabulary ©f the theory itself. Ta further c*ft|ftfcffc%&fcfri;- there is no 
unique or canonical model for most theories. %Vitte &ibic* must he somewhat 
arbitrary. The program is roughly as loliowsf v - o 

(i) We show that more constants can be added to the language of the 
theory so that there is a name for every object that the theory asserts must 
exist. 

(ii) We next extend the theory arbitrarily untifctt is complete. 
(iii) We then show that there is a f^riermji^th*. enlarged language 
that serves as the domain for a model in a fairly natural way. This model, 
with the extra names thrown away, is a model for the original theory. 

The completeness theorem was first proved by Gttdel. The present 
proof is derived by-a method first used byHenicinl * '"' ' ~™ 

Lemma 8. 1 (Linderiba um^s Lemma) ' 
T~~ — " " ' " >.-, , ' V-T. — - — 
Every consistent theory has a consistent complete extension. 
Proof: Given T c L . a consistent theory. Let o^at^ f _ be *ll the sentences 
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of L. Let T Q be T, and T. +J be T. U {a i+J } if a. is independent of T.; 
otherwise let T J+J be the same as T.. Let T* be the union of all the T.. We 
show that each T^ is consistent by induction on i. T Q is consistent because 
it is T. Assume that T. is consistent. K.T J+1 is the same as T., then it is 
consistent. If it is not the same, then T 1+| is Tj U {q i+1 3. where a. +1 is 
independent of T^ U T {+1 were inconsistent, then anything could be 
deduced from it. and in particular T j +1 *"-»*i + i» so by the deduction theorem, 
T i'" a i+1 3 "'"i+l or T i l "" na i+1 Mfhich contradicts the fact that a. +1 is independ- 
ent of T.. So all the T are consistent, and therefore T* is Consistent because 
any contradiction in T* would also be contained in some sufficiently large T.. 
To show That T* is complete, let be any formula in L, Then its universal 
closure is one of the a.. If a f is independent of T^ v then a t € T so in any 
e, a. is provable or refutable in T. and hence in T*. and so is fi. 
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Definition 8. 2 

A ground term is a term with no variables in it. A ground formula 
is a formula with no variables in it. (A ground formula is always a sentence, 
but not all sentences are ground formulas. ) 

Definition 8. 3 

A theory T <=■ L is a Henkin theory if there is at least one ground term 
in L, and if whenever 3§(a) is a sentence that is provable from T, then there 
is a ground term T in L such that T*tt<T/S). 

Lemma 8. 4 

If T c l is a consistent theory, then there is an extension T* of T in 
an enlarged language L* which is a consistent complete Henkin theory. 
Proof: Let T Q be T. and L Q be L. Let k^ ^ for i * 1 and j * 1 be a set of 
constants not in L. Given the language Lj. we define the language L. by 
adding the constants k J+i;i . k^ v . . . to it. Given the theory f l c L^ 
we define the theory T. +1 'c Lj+i b y enumerating all the sentences of L. having 
only the variable x free (let this enumeration be ttj y a { 2 . . . ) and adding to 
T. all the sentences of the form 3x<a^ ) o a. (k. +1 ' ./x)'for j = 1. 2. 3 . . . 
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Let L* be the union of the L., and T.be the union of the T.. T.is 
consistent because it is derived from T by adding a great many new formulas, 
each one of which is a consistent extension by theorem 7. 12. Let T* be a 
consistent complete extension of T„ by lemma 8. \. To show that T* is a 
Henkin theory, let 3§(0) be any sentence of L*. Let Lj be *he le*st language 
of which it is a member. Let 3x(y) be an equivalent formula by change of 
bound variables. Then y is o.^ . for some j, and 3x(y) a y(k i+J /x) is a 
member of T^ y and therefore' T*. So if 35(0) is provable in T*, then so is 
^ (k i+l, j /5) via severa l operations on bound variables. '' 

Lemma 8. 5 

A consistent, complete Henkin theory has a model. 

Proof: Given the theory T c L, let D be the set of ground terms in L. but 
underlined. (If g[h[]] is a ground term in L, then gjh ffl € P.) D is non- 
empty because a Henkin theory always has at least one ground term. Let # 
be an n-ary function name in L. We define the function £ to interpret <fi as 
follows, if Tl. . . . . rn are objects of D. then£(i£, „,,Tn) is the object 
H Tl '"" Tn }' Le * 4> be an m-ary predicate name in L; then we define !j)(Tl, 
.... Tm) to be true if and only if ThW r .... T ].. This defines a model in 
L. Call it M. 

To show that M|=T, we shall prove that if a is any sentence in L. then 
Tt-a if and only if M |=a. The proof is by indu<M&in <m the total number of 
logical connectives and quantifiers in a. Induction basis? If there are no 
quantifiers or logical connectives in a. then a must be a ground atomic 
formula. Then TK* if and only if M |=o from the definition of function and 
predicate interpretations in M. Induction step: {i) If a |s -i0„ then if T»-a, 
then is not provable in T because T is consistent, and hence not satisfied'by 
M by the induction hypothesis. So M |=a. If M (.'a. then M does not satisfy 
0, and £ cannot be proven from T. Since T is comp|ete. Tfo. (ii) The rest 
of the logical connectives are left as an exercise, (ill) If o is the sentence 
3S<0), then if TN*. there is a ground term T such tftat f»-#T/$) because T is 
a Henkin theory. The sentence flr/§) has one less quantifier than a. and so 
by the induction hypothesis M<M<T/§), Therefore. >Mfa§<£). Now suppose 
that M M§(£). Then M. 1 1=0 for some I interpreting 5 mm an object in the 
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domain D of M. But this object T is an underlined ground term, and given 
the special way M was defined, M'^'/W/C). By the induction hypothesis, 
TH/S(t/5), and so TKa$(0). (iv) The V case is left as an exercise. 

Theorem 8. 6 

Every consistent theory has a model. 

Proof: It has a consistent, complete Henkin extension in an enlarged language 
by lemma 8. 4. By lemma 8. 5, this theory has a model. Then removing 
the interpretations for the new constants from this model gives a model for 
the original theory. (See problem set 20, No. 2. ) 

T heorem 8.7 (Gttdel's Completeness Theorem) 

If T^a, then T*a. 

Proof: (If at is not a sentence, consider its closure. ) If TJscr, then T J {-no} 
has no model. Therefore it is inconsistent by theorem 8.8. So anything can 
be proven from it. In particular, T U {-!<*}><*, and so by the deduction 

theorem TH-ia 3«, or THo. 

Theorem 8. ft (Compactness Theorem ) 

If T is hot Satisfiable, then there is a finite subset of T that is not 
satisfiable. 

Proof: By theorem 8. 6, if T is not satisfiable, then it is inconsistent. The 
demonstration of inconsistency must come from finitely many formulas of T. 
This finite inconsistent sub-theory has no model by corollary 7. 5. 

Theorem 8. 9 (Skolem-Lawehheim Theorem ) 

If a theory has a model, it has a countable model. 

Proof: If the theory has a model, then it is consistent by corollary 7. 5. If 
it is consistent, then it has a model (theorem 8. 6) which is countable by the 
method of proof oflemma 8, 5. 

The reason for producing these results in such rapid succession is to 

-92- 



demonstrate how many of the significant properties of first order logic follow 
from one central argument. 

The completeness theorem has several useful interpretations. One 
of these is that first order deduction is strong enough to derive any conclusion 
which is valid. When we put completeness and consistency together, we have 
Tl-a if and only if T}= a . Therefore, the limitations of first order logic are 
linguistic. If a certain formula a cannot be derived from the theory T, it is 
because there are models for T in which a is false, "if T is supposed to 
describe some model M in which a is true, then it evidently is not a complete 
description of M. 

The completeness theorem allows us to assert many facts about 
provability without producing constructive proofs. Instead, we argue the 
case that something semanlically follows from some theory, and then assert 
its provability from that theory by using the completeness theorem. 

On another level, the completeness theorem in the form of theorem 
8. 6 provides a, criterion for the "existence" of mathematical entities. If we 
invent some set of postulates, when is there -a mathematical entity to which 
they apply? If the postulates can be formalized as a firs* order theory, then 
it is sufficient that they be consistent in order for there to be a model for 
them. Lemmas 8. 4 and 8. 5 show thai consistent language, suitably extended, 
provides its own model or subject matter. 

§8.2 Equality 

We return now to fee problem of equality. In §6. 3, a set of axioms 
E L for the ^^ity predicate was proposed. In $7.3, it was proven that E. 
is sufficient to prove the equivalence of formulas containing equal terms. In 
this section, we consider the model theoretic aspect of equality. Prom now 
on, we shall assume that any theory in a language containing the predicate "»" 
is an equality theory (has E^ as a subset) unless we state otherwise. 

In §6.3. we" discussed a theory that had only infinite models. Is 
there a theory that has only. finite models? Consfderthe theory: 
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Intuitively, this theory seems to say that there are exactly two different things 
that exist. It is satisfied by a model containing and 1, with ..^, 1. But it 
is also satisfied by the model whose domain is the integers if we interpret "=" 
to mean "congruent mod 2". There is nothing in tije theory that prevents such 
an interpretation, although this is not the standard, interpretation of "=". 
Furthermore, there are no axioms that can be added to the theory that would 
eliminate such interpretations. 

Definition 8.10 

If L is a language with equality, then a normal model in L is a model 
in which the interpretation of "■" is that any member of the domain of the 
model is " = " to itself and not "=" to any other object in the domain. 

CI early,, any normal model for the two object theory must have 
cardinality 2. So there is an advantage to considering only normal models, 
since these are the ones we want anyway. The validity of mis approach is 
confirmed by the following theorem. 

Theorem 8. 11 

If T is a theory with equality, and M is any model for T, then there is 
a normal model M* which is first order equivalent to M. 
Proof: In the model M, there is an interpretation for the predicate name *'=" 
which we shall denote by the symbol "~". Since "~" satisfies the first three 
axioms of E L , it is an equivalence relation on the domain D of M, and 
partitions D into co-sets. If d € D, then we denote the co- set of all elements 
of D which are "~" to d as (dj. The set of all such co-sets will be called D* 
and is the domain of the normal model M* that we seek. We define function 
interpretations in M* by the following equation, where pis the interpretation 
of <fi in M, and 9 is the new interpretation being defined on D*. 

^([dj [d n J)is [?(d r ...,d n )] 

That this is a consistent definition independent of the particular elements 

chosen to represent the co-sets follows from the fact that in the model M, the 

interpretation <p of <p, and the interpretation "~" of "=." must satisfy axiom 

schema (iv) of E T and therefore if d. ~ e. for 1 « i s n, then 2»(d, , . . . , d ) ~ 
■L- 1 i i In 
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* (e i e n ) and so W d i d n >J is the same co-set as £(e e )]. 

The interpretation % of a predicate name 0. is derived from the interpretation 
? similarly, and the consistency of this definition follqwa from axiom schema 
(v) of E. . 

To show that M ~ M*. let a be any formula of L, and I an interpreta- 
tion of the variab] e 3 of a into D. Define the interpretation I* by 1H 5) = 
fl(5) ]. Then show by induction on the logical coanec^ives and quantifiers of 
a that if $ is a subformula pf a. th en M . IJMU? and only if M*. I* f=#, 

From now on. when we speak of a m^el in, a language with equality, 
we shall mean a normal model unless we explicitly state otherwise. 

Problem Set 26 

(All languages and theories have equality, and all models are normal. ) 
U Specify a theory having infinite models, and finite models of cardin- 
ality 3 xn for every n * 1. and haying W> finite models whose cardinality is not 
a multiple of three. 1o 

2. Specify a theory having models of cardinality p for every prime 
number p, and no other finite models. 

3. Provetliatif a theory has arbftrarily large finite models, that it 
must have infinite models. <«int: Use the compactness theorem. ) 

4. Prove that if a consistent tfiec-ry is complete, all models for it 
either have the same finite cardinality, or else they -are all infinite. 

§8. 3 The Skolem-Lowenheim Theorem 

This theorem was known early in th^, century before the completeness 
theorem was proven. It then, had to have : .a. pro*X W| 4id not depend on 
deduction at all. but was entirely model -theoretic in nafcu*. although the 
term "model" was -not used until somewhat later, rV 

If we consider a logic with equality^ then, the ^ko^m^Loweaheim 
theorem states that every satisfiable the^y^*- J* 4fcite m counlabl* ^normal) 
model. This is rather puxzling because we can formalize the Jheqry of real 
numbers in first order logic. This theory at f^stj^n^feems to require a 
model containing at least all the real Qumberf. When we s^dythe axtome, 
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we find that they require the existence of all real roots of polynomials, and 
all real numbers defined by limits or integrals such as ff or e or logarithms 
or Bessel functions. The theory even asserts topological closure properties 
such as that every non-empty set of real numbers bounded above must have a 
least upper bound. How then can this theory have a countable model? 

This is known as Skolem's paradox, and the problem seems to lie 
either in our naive assumption of the absolute notion of "uncountable", or in 
the limitations of symbolic language to discuss what really exists. (You can 
take your choice. ) The fact is that if we take a "description" to be a piece 
of writing of finite length composed of discreet symbols from a finite alphabet, 
then the set of all potential descriptions is countable. So regardless of what 
we consider to be acceptable or well-defined descriptions, we can only des- 
cribe countably many real numbers. We then find that every number that we 
describe and look for really is in such a countable model, including, for 
example, the values of definite integrals which we know exist but cannot even 
compute. 

If we believe that there really are "many" more real numbers than 
rational numbers or integers (and most mathematicians since Cantor act as 
if they believe this) then we must accept the situation that "most" real 
numbers are inaccessible to description in any manner* However, Skolem 
suggested that perhaps the notion of uncountable is relative to one's language, 
and that there are uncountably many real numbers in real number theory 
because there is no one-to-one correspondence possible between the real 
numbers and the natural numbers within the theory. But viewed from outside 
the theory, such a correspondence is possible as his countable model shows. 
Viewed this way, "uncountable" refers to our inability to "count" or specify 
an enumeration, rather than to the large size of a set. 

This situation is further dramatized by the fact that it is possible to 
axiomatize set theory in first order logic. The Von Neumann-Bernays-Godel 
(NBG) set theory has a finite number of axioms (see [Mendelson, Chapter 4J) 
and purports to be about sets of arbitrarily high cardinality and "classes" 
which are even bigger than sets, such as "the class of all sets". If NBG is 
consistent, then it has a countable model. * If it is not consistent, then 



1 



That is, if one is willing to accept the fairly conservative portion of classical 
mathematical reasoning used in the proofs of 8. 1 thru 8.5. 
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methods of reasoning used as a matter of course by mathematicians in all 
different fields are called into question. 

Philosophically, one may believe that all the entities of mathematics 
are given a priori, but that our language has difficulty dealing with them, or, 
if like the intuitionists one restricts one's belief to those things that could at 
least potentially be written, then one may take all the higher infinities to be 
mere semantic constructs. There is current research [Yessenin-Volpin] 
which attempts to prove that axiomatic set theory is consistent from an 
"ultra-intuitionist" viewpoint that believes in nothing it cannot see. It is too 
early at this time to evaluate this work. 
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CHAPTER NINE 
FIRST ORDER LOGIC - ADDITIONAL TOPICS 



Preview of Chapter Nine 

This chapter is a collection of several topics not all of which are 
sequentially related. The only one of these that is a necessary prerequisite 
for subsequent parts of this book is $ 9. 1 which is the study of formal 
definitions. 

The system we have been studying so far is known as Hilbert-type 
deduction. It is characterized by straight line proofs. Within the past 
decade, research in automated theorem proving has been dominated by a 
radically different approach known as resolution. 89. 2 thru §9. 4 are about 
resolution and its prerequisite topics. § 9. 5 is about still another form of 
deduction known as a Gentzen-type system. 

In §9. 6, we return to the Hilbert-type system which we shall use for 
the rest of this book, and discuss the question of decidability of theories. 

§ 9. 1 Definitions 

When a formal theory is presented as a. set of axioms T in a language 
L, it is usually necessary to make definitions as we proceed to develop the 
theory, for if we have to describe advanced concepts in primitive terms, the 
length of the formulas we must use to do this becomes explosively long. We 
shall have some examples to illustrate this later. 

The main questions that we want to consider in this section are: How 
do we make definitions that do not add anything to the basic assumptions of the 
theory? How do we know that the theory is still consistent after we add 
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definitions to it? If the theory was designed to fit some model, how do we 
know that the definitions don't alter this? 

Definition 9. 1 

Let TcLbea theory, and Tj c Lj be, an extension to T. We say that 
Tj is a conservative extension of T if whenever T^a and qitL, then T>a. 

A theory is consistent if and only if e.yery conservative extension of it 
is consistent. 

The easiest sort of definition that we can make is to replace some 
commonly occurring term by a new function name, or some commonly 
occurring formula by a new predicate name. 

Rule X (Explicit Definitions): 
An t explicit definition is a line in a proof having the form: 
*[*!».... 5 n l*'T 
or *[«!•...,. 5^1. ■£, 

where <p is a new function name and r is a term having no 
variables other '"than the 5., or Q is a new preiflcate name and 
a is a formula having no free variables other than the £.. 

The restriction on me free variables occurring in r or or is necessary 
to avoid definitions mat are ambiguous and have contradictory instantiations. 
For example, if we define f[xj * x+y. then two instances of mis are f[0] = + 0, 
and f[0] = 0+ 1, from which we can deduce = 1. Or if we define p[x] 3 
(x > y). then we have p[2] « (2 > 1) ■ (2 > 3) or T * F. 

Theorem 9. 2 ■ *" 

If T. c l is an extension of T c t, by Rule X; T then it is a conservative 
extension. Furmermore, if M is any model in X mat satisfies T, then there 
is a unique expansion of M in L, that satisfies T-. 
Proof: Let M be a model in L that satisfies T. If ^ is a new function name 
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in I, introduced by Rule X, then we define ?(dj, ...» d ) for any elements d. 
in the domain of M by letting this value be V(M, I,f ) where T is the defining 
term in Rule X, and I is an interpretation of the variables 5. into the d. 
respectively. Any other way of defining <p would not satisfy^ ^hie defining 
equation, and so the expansion of M is unique. If the extension is by way of 
a predicate name p, then we define S^d., . .\ , d_i to be true if and only if 
M, I \=a, where I interprets the 5. which are the only free variables in a into 
the d. respectively, and this expansion is also unique. 

Suppose Tj f=a and tt € L. Let M be any model for T. M has an 
expansion that satisfies T. and therefore satisfies a. Since d € L, the con- 
traction of M to M also satisfies a. Since this is true for all M that satisfy 
T, we have T|=a, and by completeness, T^M*. So T. is a conservative 
extension of T. 

f 

The uniqueness quantifier 3.5 means: "There exists exactly one § 
such that . . . . " It is not a new logical' concept, but merely an abbreviation. 
The formula 3^(00 is an abbreviation for aS^/S J^(«i^/5) = C = £))*, where C 
is a variable not occurring in a. Thisnotafipo is jysed only in languages with 
equality. 

If the formula a 5(a) has only the variables C 1 thru C free, and the 
(normal) model M satisfies it, then for every choice of d.. thrud in the 
domain of M, there must be exactly one d a%1 ^uqh, t|at ; jJT I intern-rets 
Cj, . . -»C n » I into dj thru d n+J respectively, then M, I ^a. This defines a 
n-ary function on the domain of M. 

Rule F (Function Definitions): 

In a deduction in a theory with equality, if line (j) is 
Z^Ua) and has only ^ thru C n free, QW -F* ****$ deriye as 
line (i) aMCj, . . . *C n ]/S) where tp is an, a^ary fimc^jn name, 
and the justification for line (i) is "Rul^ F j'', wfre£,e j < i. 

Theorem 9. 1 



If T <=■ L, T^Ka), a has only the variables 5 and the C- free, <p is a 
new name, and Tj is T U {a(<fi[C v . . . .C n J/S)}, then T x is a conservative 
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extension of T, and if M is any model that satisfies T, then there is a unique 
expansion of M that satisfies T-. 

The usefulness of definitions comes from the uniqueness of their 
model expansions, which is a much stronger condition than that the definitions 
are conservative extensions. It not only guarantees consistency, but means 
that the theory being developed is still applicable to the original model. 

A strong proof -theoretic property of definitions is that they are 
eliminable. This means that every formula in the extension can be effect- 
ively mapped onto a formula of the original language in a manner that 
preserves provability. So anything that can be said in the extended language 
can be said in the original language, although it may be of prohibitive length 
and therefore not a practical thing to do. Proving the effective elimination 
of Rule X definitions is easy. Proving the effective elimination of Rule F 
definitions using proof-theoretic techniques is quite complicated combina- 
torially. It is'done in [Kleene §74J. 

The following examples show how rapidly the process of definition can 
proceed. The theory J|,is the classical theory of natural numbers whose 
axioms we do not specify here. The theory is stated in the language 
{=,0. ',+,x}. 

1. (m< n) 5 3p(m + p' = n) Rule X 

2. (m * n) 5 -i(m < n) Rule X 

3. primefm] s -nSpaq^a < p A p < m A 

p x q = m) A-o <m Rule X 

4. 3 p((n = => p = 0) a (o< n => (This is now 

(n x p < m A n x p 2 m ))) provable. ) 

5. (n = => m * n = 0) a t (0 < n => 

(n x (m ■*■ n) < m a n x 

(m + n) % m )) Rule F 4 

This definition of division is peculiar. The reason is that Rule F 
only allows us to define total functions. In prd$r to ma£e division total, we 
have to arbitrarily define division by 0, it doesn't matter how. The second 
part of line 5 is the useful part, and it cannot be used to prove any properties 
of division by 0. 

This brings up an interesting point, which is that the models of first 
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order logic always have total functions. This does not mean that we cannot 
model a subject that has partial functions. It does mean that if we provide 
axioms that do not completely specify a function, then we may expect the 
theory to be incomplete, and to be satisfied by all models that complete the 
partial functions in all possible ways. 

To put this differently, suppose we had introduced as an axiom of N 
the formula < n => (n x (m * n) < m' a n x (m * n)' a m'). This defines divis- 
ion except by 0. It allows us to prove all the ordinary results about division 
that we would like to prove, but formulas such as m +0 = or m * = 1 will 
be independent of this theory. We may choose to use this approach because 
it is distasteful to make arbitrary choices that are not necessary. 

We now introduce additional definition schemas to define functions and 
predicates by cases, and to define partial functions and predicates. It is 
important to 'know whether a given function or predicate has been introduced 
as total or partial. The rules X and F already specified, and the rule K 
that we give next define total functions, the rules Pfc and PF define partial 
functions. 

Rule K (Definition by Cases): 
The definition schemas: 

• • • 

^^"•••Sm^V 
and 

• • • 

y k ^[5 1 .....* ri ] = V 

are justified when <i) $ or <p is a new name, (ii) the 1\ have no 
variables other than the Sj. and the 0^ and y^ have no free 
variables other than the Sj, (Hi) Tl—ity. A> ) for i < j * k, and 
(iv) THy, v ... v y ). if all previously defined function and 
predicate names used in such a definition are total, then the 
new function or predicate name is total. 
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Rule PK (Partial Definition by Cases): 
Same as Rule K except that condition (iv) is not required. 

Rule PF (Partial Function Definition): 

If T>y => 3^(00 where the only free, variables in this 
formula are Cj thru C fi . and p is a new function name, then: 

y^a<<P[Cj C n J/S) 

is justified, and defines a partial function. 

Problem Set 27 

1. Prove theorem 9.' 3. 

2. Prove that all total definition schemas imply unique model exten- 
sions, and that all partial definition schemas ifnply the existence of model 
extensions, and that all these extensions are conservative. 

3. Critique the following proposal for an "ambiguous function" 
definition schema: If Tt-a§<<*), and the only free variables ih this formula are 
C t thru C n . and <p is a new function name, then define <fi by <*#£, C I/?). 

§9.2 Herbrand's Theorem 
Definition 9. 4 

A sentence is called a prenex normal form sentence if it is 

Q 1 § T * *^n § n <a) where each Q { is either V or 3, the 5. are distinct variables, 
and a has no quantifiers. 

Theorem 9. 5 

Every sentence is equivalent to a sentence in prenex normal form 
having the same function and predicate names. 

If T is a theory, then Th(T) = Th(Tj) where 'Tj is a set of prenex 
normal forms equivalent to the closures of the formulas in T. 
Proof Sketch: To put a sentence in prenex normal form (i) eliminate "*" by 
(tt^P(o^)A(j)3 a), (ii) eliminate "=>»» by (a => fi) "» (-,a v 0), (M) change 

-103- 



variables so that every quantifier has a distinct variable, (iv) move the 
quantifiers outward using transformations such as -iV§(a) *♦ 3£(-ia) and 
a v VC(/3) -» V?(o v 0). These are all equivalences. (Note that in the last 
formula, a has no free 5. Why? ) 

Herbrand was trying to solve the fundamental problem of first order 
logic, which is to determine when a formula a is a member of Th(T), by 
purely proof-theoretic techniques. As part of this program, he showed how 
a theory could be expanded into a form in which there were no quantifiers. 

Given the theory T, we have the equivalent theory T- in prenex 
normal form, Let Q.^.. . .GLO«) be a senteaee of this theory. If Q. is 
universal, then it can be dropped by .rule QX3. If it is existential, then we 
can drop the* quantifier and make the substitution^]/ §, in the manner of 
problem set 27, number 3* In either case, we have gotten rid of the first 
quantifier. This process can be repeated for each quantifier in turn, merely 
dropping the universal quantifiers, and substituting ambiguous function names 
for the existentially quantified variables. If 5. is existentially quantified, 
then it will be replaced by 9. [5. , . . . , 5- ] where ^Q. . . . Q; are the universal 

quantifiers to the left of Q. in the original formula. For example: 

Vx3yVz3w<pJx, t[y b w]» z, g{y» *1J) 
becomes 

p[x, f[hl[xj. h2[x, zj], z, glhl[x], z]] 

where hi and h2 are new function names. They are called Herbrand function 
names . 

This process can be done for an entire theory T.. in prenex normal 
form producing the open theory T». From the previous discussion it should 
be clear that Tj U T g is a conservative extension of T., and that if M is a 
model for T , then there is an expansion of M that satisfies T_. This 
expansion is not necessarily unique. Conversely, any model for T, can be 
contracted to a model for T^. therefore T is satisfiable if and only if T„ is 
satisfiable. 

Let L 2 be the language of Tg. It is the language of T (and T.) 
together with all the Herbrand function names. Let H be the set of all 
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ground terms in L 2 . We add one constant to L g if necessary to make sure 
that H is not empty. 

Let T 3 be the set of all ground instances of T„. (If a is an open 

formula in T having distinct variables §, thru 5 . and h, thru h are in H 

i n 1 - n 

then a(h 1 /§ 1 , . . ..h n /S n > is a ground instance of a.) If T 2 is satisfiable, 

then obviously T g is satisfiable. The converse is also true, but needs a 
proof, which we supply presently. 

When we look at the formulas of T we see that not only are there no 
quantifiers, but there are no variables either. A formula in T_ is simply a 
logical compounding of ground atomic formulas. If we view each distinct 
ground atomic formula as a distinct propositional variable, then we can 
regard T g as a theory of propositional logic. If T g is satisfiable as a first 
order theory, then it is also satisfiable as a propositional theory by allowing 
a first order model to supply truth values for each ground atomic formula. 

Conversely, if T g is satisfiable as a propositional theory, then it is 
satisfiable as a first order theory. To show this, let M be a propositional 
model for T g . We define the model m' on the domain H of ground terms by 
defining function interpretations in the same manner as in lemma 8. 5. 
i. e. . <p(h r .... h n ) is the term (p{h y .... h n J. We define fthj. . . . , h ) to be 

true if and only if M ^[hj h m J. This defines m'. and M^T because it 

produces the same valuations on ground atomic formulas as does M. 

M' also satisfies T 2 because if a € T 2 . then a is an open formula, 
and if I is any interpretation of the variables of a into H. then M. l|=a, 
because the corresponding ground instance in f 3 is also satisfied by m'. 
(This sort of argument can only be used when We already know that the 
language has a ground term to express every abject in the domain of the 
model. The situation is similar in some ways to lemma 8. 5. ) This proves 
that T 2 is satisfiable if and only if T g is satisfiable. 

Theorem 9. 6 (Herbxand's Theorem) 

Suppose that T is an inconsistent theory. This fact can be demon- 
strated in the following way. Let Tj be the prenex normal form for T. Let 
T 2 be the open theory obtained from Tj by dropping quantifiers and intro- 
ducing Herbrand function names. Let T 3 be the set of all ground instances 
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of T 2 (making sure that H is not empty). Then there is some finite set of 
formulas in T, whose conjunction is propositjonally inconsistent. 
Proof: If T is inconsistent, then it is unsatisfiable by the consistency theorem. 
If T is unsatisfiable, then Tj» T 2 and T g are unsatisfiable as noted in the 
preceding discussion. Then T g is propositionally unsatisfiable. By the 
compactness theorem for propositional logic, some finite part of T„ is 
unsatisfiable, and by the completeness theorem for propositional logic, the 
conjunction of this finite set of formulas is inconsistent propositionally. 

This proof would not have been satisfactory to Herbrand. The state- 
ment of the theorem makes no reference to models, and can be proven using 
only finitary proof- theoretic methods. Such a proof is given in (Herbrand, 
p. 168]. The proof is complicated and has error which has been corrected by 
subsequent logicians. (Herbrand 1 s paper w^s presented as a thesis at the 
Sorbonne in 1930. In 1931 Herbrand was killed in an alpine climbing 
accident when a piton came out. He was 23 years old. ) 

If we can demonstrate inconsistency, then we can also demonstrate 
provability because T U {-,aj is inconsistent if and only if TH». The insight 
of Herbrand' s theorem is that in all cases only a finite amount of model con- 
struction effort is necessary to show that no model can be built for a theory. 
This suggests an entirely new approach to creating demonstrations than the 
Hilbert-type system, and Herbrand* s theorem is the "completeness" theorem 
for this new type of demonstration. This idea will be expanded in §9. 4. 

§9. 3 Substitution and Unification 

The theory of substitution and unification is part of the theory of 
resolution developed by [Robinson], It is interesting enough in its own right 
to be presented as a separate topic. It is perhaps part of the answer to the 
question: What is the equivalent in the theory of synabolic processing to the 
number theoretician's interest in factoring, least common multiples and so 
forth? 

Before we can perform the operation of substitution, we need some- 
thing on which to do the substituting. We could develop the theory of substi- 
tution on s-expression but, instead, we shall do it the way Robinson does it 
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so that nothing needs to be altered for §9. 4. 

Definition 9. 7 

A literal is either an atomic formula or else it is a negated atomic 
formula (i. e. . an atomic formula preceded by "V'h A clause is a finite set 
of literals. Literals and clauses that do not have variables are called 
ground literals and ground clauses . 

The interpretation of a clause that we shall use in §9. 4 is the dis- 
junction or "or" of its literals. The idea of a set of literals rather than a 
Sec * uence is that a set does ^t specify an order for its components, nor is it 
meaningful for an element of a set to be a member several times over. 
This is a useful condensation of the associative, commutative and idempotent 
properties of "v". A clause can be represented by the usual finite set 
notation which is a list of elements enclosed by braces and separated by 
commas. 

Examples of Literals: 

p[x ' y] - , qtx,ffy,g[x i y]J] 

-»pfk[}»j[]I r[x.(ABC)] 

Examples of Clauses: 

Hpfx. y]. rfx. (A B C)]. -iq[x. f[y. g{x. yJJ]} 

[x+y = 3. 1+2*3} 

Definition 9. 8 

A substitution component is an expression of the form "t/S" where r 
is a term and 5 is a variable, and r * %. its meaning is "substitute r for all 
occurrences of 5. ".. A substitution is a finite set of substitution components 
such that each I. is distinct. Its meaning is "substitute each r for all 
occurrences of its §.. " This is a simultaneous substitution. 

If C is a clause, and is a substitution, then C0 is the clause resulting 
from performing on C. For example, if C is {p[x. yj, -iqffty]j}, and is 
ig[z]/x, f[xl/ y }. then C0 is fpfgfz], f[x]].- iq [f[f[ x Jl]}. The notation C0A means 
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the clause resulting from first performing on C, and then performing X on 
the result of this. This is a "postfix" operator style of notation which has 
the advantage that the operations get performed from left to right. 

Definition 9. 9 

If is the substitution {t, /§ i# . . ,,T /§ } and A is the substitution 

i l -n,, n 

i a i /C< » . . . ,v /C_3. then the composition of and A, written 0X, is the sub- 

11 mm. *,< • ■-'- " " . ■ 

stitution defined as follows: Let A be the set of all components of A except 
those for which 'C, is one of the S's. Let be the set of all components of 
the form T.A/5. where T./£. is in 0, and T.A is the result of performing A on t., 
except those cases where T.A is 5. in which case T.A/5. is not a substitution 
component. Then 0X is defined to be the union of the sets ©' and A'. 

This definition of composition of substitutions is not commutative 
because it is intended to produce the substitution which is "first do 0, then do 
X". If the T«s replace all occurrences of the S's and then X is performed, 
they will get changed into tA's. The a./C. components can act on the original 
text only when Cj is not one of the 5's. However, even if they get thrown out 
they still have an effect in defining the T.A/5 components. For example, the 
composition of [f[x]/xj with itself is {f[f[x]]/x}. 

Corollary f). 10 

For any clause C, and any substitutions and X, (C0)X = C(0X). 
For any substitutions 0, X and m, (0X)ji = 0<X#). (Substitution is 
associative. ) 

The set of'all substitutions form a semi-group, with the empty substi- 
tution as identity. 

Examples of composition of substitutions: 

{x/y} {x/y, y/x} = {y/x} 
{x/y. y/x} {x/y} = {x/y} 

{g[x,y]/x,h[y.z]/y} {fl[y]/x. f2fz]/y, f3[x]/z} = tg[fl[y].f2[z]]/x, 
h[f2[z],f3[x]]/y,f3[x]/z) 

{n 2 + 2/m,3 x m /n} {n 2 - 3/m} = {n 2 + 2/m»3 x (n 2 - 3)/n} 
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Definition 9. 11 

A finite set of literals is called a singleton if it has exactly one 
element. If C is a finite set of literals, and~C* ijs a singleton, then is said 
to be a unifier of C. 8 is a most general unifier of C if it is a unifier of C. 
and if for every X which is a unifier of C, \. = 8*4 for some**. 

Not every set can be unified. A necessary but not sufficient condition 
for a set to be unifiable is that either all literals begin ; with "-i".or else none 
of them do. and that they all have the same predicate name. At the opposite 
extreme, if a set is already a singleton, then every substitution is a unifier 
of it, and the empty substitution is its most general unifier. 

Examples; 

{p[3], p[5]} cannot be unified. 
Cp[31»p{xjJ has most general unifier {3/x}. 
{p[x],p[f"[y]l} has most general unifier {f[y]/x}. 
£pM, Pfffx]]} cannot be unified. 

tqfffy], xj, q[x, f[z]]J has most 'reneral waifier {ffyl/x, y/z) or 
[f[z]/x. z/yj. 

The unification algorithm is an effective process for finding the most 
general unifier of a s<* o* literals if it exists. The algorithm as given does 
not work for clauses containing infix or postfix operators or other relaxations 
of grammar, and we do not attempt to change this. 

Let C be a finite set of literals. The disagreement set D of C is the 
set of all well-formed terms or formulas that begin a* the first symbol 
position at which not all of the literals of G agree. We can think of a cursor 
moving character by character from left to right on all? the literals in C and 
stopping as soon as there is any discrepancy between any two literals. We 
then copy the smallest well-formed term or formula that starts at each 
cursor position, and this is the disagreement set. Foar eftanipTe, the disagree- 
ment set of Cp[x, h[x. yj. yj. p(x. gty], yfc p{*.^l> J} fs £li{x, y], gin •). H C has 
at least two literals, then the disagreement set of C has at least two elements. 
The disagreement set is obviously computable. 
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The unification alogrithm is stated as a program, with program 
variables C, D, 9. S and T. C is initialized to the set to be unified, and a is 
initialized to the empty substitution. 

Loop: G:= C0; (Performing on C is specified here. ) 

If C is a singleton then terminate with most general unifier 8; 
D:= disagreement set of C arranged in a sequence with variables 

ahead of other elements; 
§:= first element of D; 
T;= second element of D; 
If § is not a variable then fail; 
If t contains occurrences of 5 then fail* 

9: = 9{r/ §} ; (Composition of substitutions is specified here. ) 
Go to loop; 

Theorem 9. 12 (Unification Theorem ) 

If C is a finite set of literals, then if it has a unifier, it has a most 
general unifier, and the unification algorithm will compute one. Otherwise, 
the algorithm will terminate with a fail. The algorithm always terminates. 
(Proof in [Robinson]. ) 

Problem 27 

The LISP function sublisfx, y] performs a substitution on the 
s-expression y when x is a list of pairs, each of which is a Substitution com- 
ponent. (See §8. 1. ) Let us call x a substitution if it is a list of pairs, and 
the cadr's of the pairs are all different atoms, and car and cadi" of each pair 
are distinct. Define a LISP function compose [x, y] such that if x and y are 
substitutions, then compos e[x, yj is a substitution, and if z is any s-expreSsion, 
then sublisfy, sublisfx, z J] = sublis[compose[x. y], zj. 

§9.4 Resolution 

We continue from the concluding remark of §9.2. Starting with a 
theory T that we wish to demonstrate inconsistent, we generate T. in prenex 
normal form, and T g which is an open theory. The next transformation in 
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this process of preparation is to put the formulas of T„ into what is known as 
conjunctive normal form. 



2 



Definitions. 13 

If Lj thru L n are literals, then Lj.v... v L n is called a disjunct . 
If D 1 thru D m are dis juncts, then Dj a . . , a D is called a conjunctive 
normal form . 

It follows from DeMorgan's Laws, and the distributive laws for 
logical connectives that every open formula is equivalent to a conjunctive 
normal form. Having put a formula in conjunctive normal form, we can then 
turn each disjunct into a clause simply by eliminating any redundancies and 
making a set of the literals. Now if we have a theory in such form, each 
formula is a conjunction of clauses. Since a theory is semantically the 
conjunction of its formulas, we can further collapse (he whole structure and 
regard the theory as simply a (possibly infinite) set of clauses in conjunction. 
The boundaries of formulas are no longer important. If T is an open theory, 
we call the equivalent set of clauses T . 

If T 3 is unsatisfiable. then there is some finite set of ground 
instances of T3 which is inconsistent. Call this T 4 . Ground resolution is 
an essentially propositional rule of inference on ground clauses that is used 
to demonstrate the inconsistency of T\. 

Definition 9. 14 (Ground Resolution) 

If a is an atomic formula, then a and -i« are called complementary 
literals - A ground resolvent of a pair of clauses having complementary 
literals is the clause consisting of all the other literals of bath clauses, as is 
indicated by the following schema, where a and -.a are complementary, and 
the 0. and ^ are any literals and i * 0, and j * 0. 

{a./Sj,...,^} 
h*.y l .....y l 

This rule is not only propositionally valid, but is complete in the 
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following sense: The empty clause has the value "false" in all interpretations. 
Robinson denotes the empty clause by the symbol Q. If a set of ground 
clauses is inconsistent, then it is possible to deduce O by a finite number of 
applications of ground resolution, and no other rules of inference or axioms. 

So far, there is no great efficiency in this schema. It is not any 
faster than earlier decision procedures such as {Davis and Putnam]. The 
major advantage of resolution compared to ground resolution is that it is not 
necessary to generate the theory T 4 at all. Resolution is a combination of 
ground resolution and instantiation. But instead of generating ground 
clauses, it does no more instantiation than is necessary. In resolution all 
substitutions are as general as possible. 

Resolution is defined as a deduction rule that has two clauses (not 
generally ground clauses) as its antecedents, and another clause as its 
consequent. A pair of clauses may have no resolvents, or one resolvent, or 
more than one resolvent. The completeness theorem for resolution is that if 
T 3 is unsatisfiable, then there is some finite sequence of resolutions on T» 
that generates D, The completeness theorem follows from Herbrand's 
Theorem and is in Robinson's paper. 

Definition 9. 15 

Let C and D be two clauses. Let c' be obtained from C by substitu- 
ting the variables xl, x2 ... for the variables occurring in C, and D'be 
obtained similarly from D using the variables yl, yZ . . . This is to guaran- 
tee that C and D have distinct variables without their being substantially 
different from C and D. 

Suppose that there are sets L, M and N such that: (i) L <=■ c', 
(ii) M c d, (iii) L-and M are non-empty, (iv) N is the set of all atomic 
formulas that are either in L or M, or whose complements are in L or M, 
(v) N is unifiable, and 6 is a most general unifier of N, and (vi) L0 and MS 
are complementary singletons. Then (c' -L)8 U <D' - M)0 is a resolvent of 
C and D. 

As an example of resolution, we prove the validity of the sentence 
Vx(p[x] = q[x]) 3 (3x(p[x]) s 3x(q[x]». (See problem set 21, No. 16. ) First, 
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the entire sentence is negated, to obtain the one sentence theory T, then it is 
put in prenex normal form. Tj, and the quantifiers are dropped introducing 
the constants kj and k g in Tg. Then it is put in conjunctive normal form, 
giving the theory T g which is the first six lines of the proof presented below. 
This is not at all obvious, and it will probably take some effort to obtain this 
result, and also to verify that T g really is the denial of the original formula. 
It is worthwhile doing this. Note that it is essential to the meaning of line 6 
that it have two distinct variables. 

Since each line in the demonstration is a clause, we do not bother 
with the braces. The renaming of variables is also relaxed in a manner that 
does not affect the demonstration. Lines 3 and 5 are superfluous. 



1. 


-.p[x] 


q[x] 


2. 


-iq[x] 


pw 


3. 


P{kj] 


ipM 


4. 


Plkj] 


qfkjj] 


5. 


-»qM 


IP*) 


6. 


-ip{xj 


-'qfyJ 


7. 


qlkjj 


qfr,] 


8. 


-ip[xj 


qfc,] 


9. 


T>M 




10. 


iqlx] 




11. 


*fcal- 




12. 


D 





Res 1. 4 
Res 6,7 
Res 6, 8 
R*#2, 9 
Res 7, 10 
Res 10, 11 

Lest we give the impression that resolution is obscure, we offer a 
proof of + =0 from the same assumptions as the long demonstration in 
§7. 2. In doing the preparatory work for this problem, we come across an 
interesting property of resolution. Suppose we wish to prove a from a set 
of formulas 8 thru 8 which can be axioms, definitions, or previously proven 
theorems. We do this by demonstrating the inconsistency of -i(8, ^ . . . o 
# n 3 «)• In conjunctive normal form, this becomes | A ... a fl a -,a. 
This means that the premises of the demonstration do not have to be negated, 
and that each one can be prepared independently. Qnly a needs to be 
negated. In the following demonstration, lines 1 thru 4 are given, and line 5 
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is the negation of what we are trying to prove. 
1. x^y y^z x = z 



2. 


xj* y x = y 




3. 


m + = m 




4. 


m+n = (m + n) 




5. 


o'+o'#o" 




6. 


(m+0)' = m 


Res 2, 3 


7. 


(m + n)V z m + n = z 


Res 1, 4 


8. 


m + = m 


Res 6, 7 


9. 


a 


Res 5, 8 



It is very characteristic of resolution that although we can prove 
m+ o' = o' directly with no negations of desired results, we cannot prove 
o'+ o' = o" this* way. The reason for this is that the latter is an instance of 
the former, and resolution always keeps things in their most general form. 
The preceding demonstration is about as efficient as one could hope for. 
Each line represents a bit of reasoning leading directly to the desired result. 

Since the invention of resolution, a great deal of effort has gone into 
making it even more efficient. Resolution fits in well with many different 
heuristic devices used by artificial intelligence programs. It has been 
shown that resolution is complete under severe restrictions as to the order 
in which different clauses get introduced. The effect of such restrictions is 
to cut through the combinatorial explosiveness of having to resolve all 
clauses in all possible ways. When there is a model of the subject matter 
available, it becomes possible to use it to drive the resolution into fruitful 
lines of attack. There is now an entire book about resolution and the many 
techniques that have been invented to increase its efficiency. [Chang and Lee] 

In comparing a Hilbert-type proof system with resolution, let us start 
with some of the differences. A Hilbert system is a linear method of 
deduction following precise rules and therefore subject to mechanical verifi- 
cation which we call proofchecking. It has more symbols than are actually 
needed, and at every point offers many different options. There are always 
different ways of expressing the same thing. Most of the design effort, 
including the various kinds of definitions, has gone into making it possible for 
a person who is inventing a proof to formalize it in a manner which approxi- 
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mates his own use of language. 

Resolution, on the other hand, has been designed for the purpose of 
mechanical theorem proving. Rather than allowing for flexibility in expres- 
sion, jus^the opposite tactic is used. The input data is reduced to a 
canonical form as soon as possible, even at the cost of making it humanly 
unintelligible. The combinatorial complexity is reduced by having a single 
rule of inference, by keeping all assertions in their most general form, and 
by heuristics, all of which provide restrictions rather than introduce 
additional options. The result is the most powerful in-depth mechanical 
theorem prover available today. 

We might ask what use is it? Even if further improvements resulted 
in a speed-up by a factor of 10 10 , this would not be enough to give a theorem 
prover the appearance of "intelligence" . The ideji of a theorem prover as a 
sort of universal intelligence has been largely abandoned by people working 
in artificial intelligence. The usefulness of a theorem prover seems to be 
in filling in the, gaps left by some more intuitive process, whether that 
process is human or machine. 

§9.5 Gentzen-Type Systems 

Gentzen developed a system of deduction quite different in appearance 
from Hilbert-type systems, for the purpose of studying the properties of 
deductions. An exposition of Gentzen's system can be found In IJCleene .$?7 J. 
We do not describe the system here, but simply comment that rather than 
being linear like a Hilbert deduction, a deduction in Gentzen's system has the 
shape of a tree with the resultant theoremat the base of th* tree, and a 
branching structure going up from this. The tip of every branch is a certain 
type of trivial tautology. 

An interesting aspect of a Gentzen-type system, which has a certain 
appeal for artificial intelligence programming, is that it is highly suitable for 
working backwards from the goal to the given data, creating a structure of 
subgoals on the way. A list of subgoais »ay be conjunctive or disjunctive, 
that is, either it is necessary to solve all of them, or only one of them. This 
sort of alternating tree is similar to a move tree in a two-person game such 
as chess. A Gentzen -type system would have been at least as suitable as a 
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Hilbert-type system for the purposes of this book, and probably more so for 
anyone building a real proofchecker. We have used a Hilbert-type system 
only because it is more familiar and easier to explain initially. 

Extensive research has been done on modified Gentzen-type systems. 
[Yonezawa] has designed a theorem prover containing many fewer and 
simpler rules than Gentzen originally had. He also has restrictions on 
generating substitution instances that make for efficiency. Yonezawa proves 
that this restricted system is nevertheless complete. When one looks at this 
program, one gets the feeling of seeing the basic principle of resolution 
(substitutions kept most general) in a different form. This suggests an 
interesting field of study which might be called comparative proof theory. 

§9.6 Decidability 

A theory T is called effective if T is a recursively enumerable set. 
If T is an effective theory, then Th(T) is a recursively enumerable set since 
it is theoretically possible to enumerate all deductions in T. 

The theory T is called decidable if Th(T) is a recursive set. This 
does not follow in any way from T being a recursive or even a finite set. 

Theorem 9. 16 

If T c: L is decidable and a € L, then TU(o) is decidable. 
Proof: If Tt-a. then Th<T U {a}) = TbXT). If TH-xa, then T U {a} is incon- 
sistent, and Th(T U {o}) - L. The interesting cas* is where <x is independent 
of T. We can assume that o is a sentence. Then by the deduction theorem 
T U [a} i-jS if and only if TH« => £, and this is decidable because T is decidable. 

Corollary 9.17 " 

Every consistent decidable theory can be extended to a complete 
consistent decidable theory. 

First order logic is called decidable if the set of all valid sentences 
is a recursive set. 
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Corollary 9. 18 

If there is at least one undecidable theory having a finite axiomatiza- 
tion, then first order logic is undecidable. (In Chapter Twelve we provide 
such a theory. ) 

Problem Set 2 9 

1. Prove corollary 9. 17. (See lemma 8. 1 . ) 

2. Prove corollary 9. 18. 
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CHAPTER TEN 
INFORMAL ARITHMETIC 



Preview of Chapter Ten 

The study of the natural numbers is known as number theory. When 
we say "arithmetic", we mean the more generalized study of s-expressions 
including natural numbers, or possibly the study of discrete data structures 
in general, which we comment on briefly. The study is "informal" in the 
sense of being a mathematical discussion in English as distinct from a formal 
theory expressed in first order logic <which we study beginning in Chapter 
Eleven). 

§10. 1 The Postulates of Arithmetic 

Peano's postulates for the natural numbers are: 

1. Zero is a number. 

2. The successor of a number is a number. 

3. Zero is not the successor of any number. 

4. No two numbers have the same successor. 

5. Any property which is true for zero, and is such that if it is true 

for some number it is also true for the successor of that 
number, is true for all numbers. 

These axioms are stated informally, and do not come with any 
instructions on how to reason logically from them. The notion of equality 
and its properties, as well as the notion of a function, and the fact that 
successor is a function, are also not explicitly given. In trying to reason 
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from such a set of axioms, it is not quite clear which assumptions that we 
bring to the problem are logical, set-theoretic, arithmetic, etc. That is 
why formal systems were developed. 

The last postulate is known as the induction principle, and has always 
been the most controversial of them. We have already used induction in 
many of the proofs of theorems in this book. The notion of "property" in the 
induction postulate is a bit vague. In formal number theory, property is 
taken to mean "predicate". 

The LISP postulates are a complete analogue to Peano's postulates. 
They even correspond in number. They are: 

1. Atoms are s-expressions. 

2. Cons of any two s-expressions is an s -expression. 

3. Cons of two s-expressions is never an atom. 

4. If a differs from 0, or if y differs from 6, then cons of 

a and y differs from cons of fi and 6 . 

5. Any property which is true for all atoms, and is such that 

if it is true for a and /3 it is also true for cons of a and 
P, is true for all s-expressions. 

The induction principle can be used informally on s-expressions to 
discuss properties of tree-type structures. For example, consider the 
LISP function reverse defined by: 

reversefx. y] «- [atom(x] -» x, T -» cons[reverse[cdr[xj}, 
reverse[car[x]]j] 

This recursive definition can be stated in English without reference to car and 
cdr as follows: 

(i) Reverse of an atom is itself. 

(ii) Reverse of the cons of two s-expressions is reverse of the 
second consed with reverse of the first. 

From (i) it follows that reverse of reverse of an atom is itself. Now suppose 
that reverse of reverse of o is itself, and the same for 0. Then by (ii) 
reverse of reverse of cons a and (J is reverse of (reverse of fi consed with 
reverse of a) which is reverse of cons of £ and a. Applying (ii) again we get 
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that this is reverse of a consed with reverse of which is a consed with /3. 
This supplies the induction step, and from the induction principle we conclude 
that reverse of reverse of any s-exprea*k»i is itself. 

There are only two differences between the LISP postulates and 
Peano's postulates. One is that cons is hixm&, WWlfe successor is unary. 
The other is that there are many atoms but only one zero. So in addition to 
the LISP postulates we need some atom postulates! 

1. Every atom is either a name or a number but not both. 

2. The names are in one-to-one correspondence with the 

numbers* 

Another way of putting (2) is to say that the names can be effectively enumer- 
ated. ;■- .:;•<.-. . 

Neither predecessor, nor car and cdr are mentioned in these postu- 
lates. The reason for this is t6 avoKfifte fact thlt &ea* are partial functions. 
However, there is no problem 'rotroddfcmV tie® W either partially defined 
functions, or functions completed in an "arbifeary J way .' 

The functions plus and times are not mentioned in the theory either. 
If one tries to define thea* ; fe : &§ ? linage : airem^^veV'by ^n^'s postulates, 
one finds that there 1* ncr way to do f^ifmii^^g 1 ^ ado* 'something more to 
the theory. In fact, when we formalize mis theory, it turns out that there is 
no way to make these definitions so that they are conservative. 

There is no reasonable LISP analogue for plus and times. Therefore, 
starting from this point, the two, theories diverge, r 

§10.2 Primitive Recursion 

The reason why the d«fmittoas of plui mnd^mes are not conservative 
is because they are recvtfvfer**^ Recursive mHmwsma do not always terminate, 
and. as we have seen In Chapter:. Five, there is ,no general way to decide 
wh^eh ones do and which ones do not. Wc. ^ have not, considered so far what 
happens when a recursive definition is adde^a^f^oxder theory. This 
topic is important, but needs a full and deta^ :: trea|ment which we provide 
in Chapter Fourteen. For the moment, let us note that it is "safe" to add a 
recursive definition to a theory if we know that it defines a total function, but 
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that such definitions are not necessarily conservative. (Note that none of 
the definition schemas of §9. 1 allow any recursion at all.) 

Because the problem of deciding whieh procedures compute total 
recursive functions is not generally decidaWe. it is useful to: define a subset 
of the recursive procedures which are easily; recogfused^y their restricted 
syntax, always define total recursive functions, and define a wide variety of 
important and useful functions. The set primitive recursive procedures 
meets these criteria, and any function that can be computed by a primitive 
recursive procedure is called a primitive recursive function. They are dis- 
cussed informally here, and formally in Chapter Twelver 

The basic idea of primitive recursion is to recur in a manner which 
counts down, and terminates at zero. In an explicit definition of f(n). f 
would not appear in the definition because this' is "circular" or recursive. 
In S P^itive recursive definition. f(n') is defined in terms of f(n), and f(Q) is 
defined explicitly. If f has more than one argument, then it is necessary to 
count down on only one argument. For example: 

(i) The sum of m and is m. 



(ii) The sum of m and the successor of n is ^he successor of the 
sum of m and n. 

Here the primitive recursion is on the second argument or n. If n is 0, the 
definition is explicit and does not refer 4b the sum^f anything. Otherwise 
the sum of some number and the successor of n is defined in terms of the sum 
of that number and n. 

The fact that primitive recursive definition always defines a total 
function is derived from the fact that counting d^^rd *Lw*y* arrivee at 
zero after finitely many operations. 

The definitions of plus and times gives in &«2 are examples of 
primitive recursive definition. After these* ,w* e*n make the definitions 
m n - [n = -» l.T -*m x m n ] 
hyperexptfm, nj *- [n = -» 1, T '■• m h yp^exptfm, n"h 

Hypercxpt[5, 3], for example, is 5 5 . 

An example of anarithmetic function that fs not primitive recursive 
is Ackerman's function. It grows faster than any primitive recursive function. 
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Aokerman's function is a function of three arguments, p, m and n. If p is 0, 
then it adds m and n; if p is I, then it multiplies them; if p is 2, then it 
computes m ; if p 1st 3, men it hyperexponentiates, etc. 

ack[p, m, n] «- [p = +m+tt,B = ■ '*♦ [p = 1 "♦ 0, T -»■ 1], 
T ' -* acfcfp", m, ackfp, m, n" JJ] 

Ackerman's function belongs to the class of double recursive functions. 
There is a transcendental hierarchy of recursion schemas of which primitive 
and double recursions are merely the first two steps. 

The concept of primitive recursion can be applied to definitions of 
s -expressions as well as numbers. The idea here is to count downward by 
taking car and cdr. fti a primitive recursive' definition on s -expressions, 
the function must be defined explicitly lor atomic arguments, and otherwise 
defined in terms of the function applied to car and/ or cdr of its argument. 
A function of more than one argument most follow thi« scheme for one only 
argument. 

The function subst is a tyfticaf example of" primitive recursion. 
Almost every LISP function we have defined so far except for apply and its 
subsidiaries is also pHmitfcve' r^ars***,,, Mmm- pa roeJ c he ck a»d propeval are 
primitive recursive, although it may take some rea rrangi ng of the ■ definitions 
to realise this. 

§10. 3 Other Arithmetics 

We use toe term "aritnme*fe f * to mean a formal mathematical system 
consisting of expressions that can be written la sjftt^f&iife'a&piM&e*,, and 
subject to a grammatical description. This is somewhat related to what a 
programmer would call a "data type'V S-expreswieais^ -..integers, arrays, 
and even floating point numbers can be considered arithmetics, but real 
numbers, or set theory cannot* because the theory is not about entities each 
of which has a standard description in some notation* Arithmetics always 
have countable domains. 

The following: question are important to 9m examination of any 
arithmetic: 

1. Is there a syntactic description of the domain of objects? 

2 . Is there a set of basic functions and predicates such that all 
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computable functions and predicates on the domain are recursive in terms of 
the basic ones? 

3. Is there an induction principle which applies to the domain? 

4. Is there a primitive recursion schema on the domain? 

5. Is there an axiomatization of the domain? 

As an example, we examine the intftgejrs ttfing this syllabus. We 
assume that the natural numbers have already been examined. 

1 . An integer is either a natural number, or a natural number other 
than zero preceded by a minus sign. 

2. All computable functions can be defined using the language of 
recursive functions starting only from successor, predecessor and equality. 
(Equality may be considered as given prior to any particular arithmetic 
because it is a "logical" notion. ) The predecessor is essential here, and 
cannot be defined from successor as it can be for the natural numbers. At 
this point, you might try to define addition, subtraction, multiplication, the 
ordering relations, the predicate positive[n], and the absolute value of n. 

3. There are several useful induction principles, all of which are 
equivalent, (i) If a property is true of and inherited under successor and 
predecessor, then it is true for all integers, (ii) If a property is true for 0, 
and inherited under successor and negation, then it is true for all integers. 
Any combination of a basis step and an induction step that covers all integers 
is a valid induction principle. 

4. The most obvious primitive recursion schema is to define a 
function explicitly for zero, and then to define it for positive cases in terms 
of the function of the predecessor of the argument, and for negative cases in 
terms of the function of the successor of the argument. This means counting 
up or down, but always toward zero. 

5. The equivalent of Peano's postulates seems to be: (i) Zero is an 
integer, (ii) The successor and predecessor of an integer are integers, 
(iii) The successor of the predecessor of an integer and the predecessor of 
the successor of an integer are both equal to that integer, (iv) Zero is not 
positive, (v) The successor of zero is positive, (vi) The successor of a 
positive number is positive, (vii) An induction principle such as 3(i) above. 

Without (iv) thru (vi), we could be describing a finite set of objects 
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arranged in a circular chain. But these axioms specify that is not positive, 
while 0,0, etc., are. So cannot belong to this sequence. 

[McCarthy] considers methods of defining arithmetics from given 
base sets using as basic operations "disjoint union" and M cross product" on 
sets. He shows how the defining equation for an arithmetic answer questions 
1 and 2 of our syllabus. This method could easily be extended to provide 
answers for the rest of the questions also* 
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One's not half of two, it's two are halves of one: 

e. e. cummings 



CHAPTER ELEVEN 
FORMAL ARITHMETIC 



Preview of Chapter Eleven 

The arithmetic of numbers and s-expressions discussed in Chapter 
Ten is formalized into a system which consists of a theory* Jfltfs a set of 
rules for extending the theory by means of definitions and primitive recursive 
schemas. A sample of the development of the theory then follows. 

§11.1 Multi -Type L ogic 

The use of types in first order logic f* a 4JOJ*y«n4est abbreviation, and 
not a new theoretical concept. Formal aj?itipg0^is,aft^ry about s^expres- 
sions, and about number* which are a special type of s^ej^esj^on. We 
adopt the convention that variables begii|B^n4fe.w^^« Utters hu, n, p and q 
are to range over numbers, while variables beginning with^the Utters r,|hru 
z are to range -over s- expressions. We < tym"£W&!feftH* mlm* &•«» con- 
ventions throughout this book. Var|abJ^s^bj|gin|^ng with tb* f letters a thru* 
are reserved for future use* ., 

When writing formal schemas, we -■: shall ifi%,.^|e,i^p«e|t letters 5<xi) and 
C(zeta) stand for s-expressioh, variables, a^ij^e^#nd^u£ ; stand for 
numeric variables. 

A formula having the from Yi#«) iS;anfabb^eYMU|oii|or,YUn ui n[5] => 
a(5/n)), and a formula having thMrom^fi|(«MM)» *Nwpri*&»ft for fcStaumJ 
I] A-<a(S/q).)» where § is a new variable. An op«r> formula having numeric 
variables is equivalent to ite closure. Everything we .need to know about the 
use of typed variables follows from thee* la***. If we; simply -keep in mind 
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the intended interpretation, we shall not go wrong. 

Having assigned types to variables, it then becomes reasonable to 
assign types to function names, predicate names, and terms in some cases. 
If a function has n arguments, then it has •» argument types and a value type. 
If a predicate has m arguments, then it has m argument types. (Its value 
type is "truth value" or ff. ) 

For the purpose of first order theory of arithmetic, we consider the 
following functions and predicates to be basic, and assign types to them as 
follows: 



equal: 


S * S •♦ v 


successor: 


N -*N 


atom: 


S -*tt 


cons: 


SxS 


name: 


s ■** 


enumj 


N -*S 


num: 


s ■♦* 







We have now created a very precise situation in which each of these is 
a total function or predicate on its intended domain. Tnt» : wUa be quite use- 
ful in presenting the meory that follows. 

We now proceed to aars^w tjppe* to terms. & a term has a type 
according to these rules, it will be called a well-typed term. But not all 
terms will be well typed, and we do not intend to exclude terms that are not 
well typed from consideration. T!i**$y|>e of a : **riafel» "«*» been given. 
Variables that do no* begin with tiietetter mVifc^pt '% '&** ** thru z are not 
typed for the presents The : type**#tftm*er^s tritttffHfei'- and the type of any 
other object is s -expression. If <afr t , ,..,t } is a term such that for each i, 
if the i-th argument type of <p is numeric, then W. %d <tts£flfsjr$ev ***d if me i-th 
argument type of p is s-expresaion, then the type^of f. $m elmer s-expression 
or numeric, then the entire term is well typed, and its type Am file value type 
of <p. Otherwise, fee term is hot well ty#e©V #«£ can also define atomic 
formulas to be weH typed in the same manner; 

If we were working with more than these tw* types, the same principle 
would apply. Some types are sub-types of o4*»ers itt the sense that all 
numbers are s -expressions. That being the case, the i-tii argument term of 
such a term should be either the i-th argument type of the main function of the 
term, or a sub -type of that type. 
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These conventions allow us to say that a term such as length[x]+ 1 is 
a numeric term because length is numeric valued. A term such as car[x] + 
cadr[x] is not well typed, but it might still be meaningful, depending on 
whether or not x is a list of numbers. 

The conventions on typed variables affect the idea of substitution. Ql 
and Q2 need to be modified. The following rules are valid for substitution on 
a numeric variable: 

Qla : Vrj(a) 3num[r]^a(r/i7) 

Qlb: V77(a) ^ <x(T/r)) where T is numeric 

Q2a : a(T/n) => num[T] ^ Zrft.a) 

Q2b: a (T/T7) 3Jt|( a) where f is numeric 

Examples: 

Qla: Vn(n'> 0) => num[car[x]J^ car{xj'> 
Qlb: Vn(n'> 0) P 3'> 

The definition schemas X, F, K, PF and PK of $9. 1 get modified 
appropriately. We shall examine the situation for Ilule F; the rest are 
similar. 

Suppose that we have deduced the formula 3.17(a).. There are two 
abbreviations in use here, and just as a reminder, we write this formula in 
its expanded form. 

3§(num[l] a a(l/n) a VC«num{C] a etiCM) => 5 = C» 
Let the formula a have only rj, S thru § n » and u thru u free. Let (p be a 
new name. Then we can write aip[\y .... l^ v y . . . , ^l/i?). The function 
<p will have a numeric value type because i; is a numeric variable, and will 
have n s- expression arguments followed by m numeric arguments. There is, 
of course, no reason to list them in this order, but whatever order is used in 
the term <p[. . . ] will determine the argument type description of <p once and 
for all. 



§11.2 Axioms for the Theory of Arithmetic 

The axioms are listed in groups with some discussion when necessary. 
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Group A : The theory of equality, EL. 

This group includes the three equivalence axioms for "*", and an 
axiom for every function and predicate name that will ever be introduced into 
the theory. (See definition 6.11.} 

Group Br Feano Arithmetic 



Bl 


numfn J 


B2 


nV 


B3 


m = n ^ m = n 


B4 


«(0/#3^«|:: 



ettrj I iff) •■= Vn(a) 

These axioms correspond to Peano's postulates 2 thru 5. For postu- 
late 1, see the computation schema. Group G. 

Schema O Primitive ISeettrsiow on 1&** ^atCBPai Numbers 

where (i)^p is a new nam®,, fi#T has nee oecurrencey of ^>, and 
no variables other than the* t f , («!} eveiry ©c^wrenee of ^ in t„ 
is of the form ^f, . . , Tfo and t^ has no variables other than the 
I. and r\, and (iv) ^ and r % are well typed. Some of the I. 
may be of numeric type,, and the argument ^ does not have to 
be placed last. 

The function <p defined? in &&& schema wH$ be of numeric value type if 
both Tj and 7^ are of numerfc type r and w&l have 3 -expression value type if 
one or both of the fj are s- expression typed, The argument types of <p come 
from the types of the £,. and the type of if which is numeric. 

The primitive recursion scteemaarfor w *" aw* ***"' are part of the basic 
theory. They are: 

m + = m 1 

m + n' = (m+n)' J 
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and 



m x = 



m x n 



m 



-Mm x n) J 



Group D : S- Expression Arithmetic 
Dl: -i atom [cons [x, y]] 

consfw, x] = cons(y, z]3(w = yA X =z) 

V|(atom[§] = a) o V5VC(a => a(C/§) ^> 
a<cons[S,C]/5))=>v§(a) 



D2 
D3 



Schema E; Primitive Recursion on the S- Expressions 
atom[C ]^<P[§. 



<P[§. 



i n .con S [C r C 2 ]] = r 2 J 



where (i) <p is a new name, (ii) Tj has no occurrences of <p, and 
no variables other than the §. and C, (iii) every occurrence of 
<p inr 2 is either ^[....Cj] or 9[...,C 2 3. and T g has no variables 
other than the 5.. ^ and C 2 > and (iv) Tj and r 2 are well typed. 

The comment about the type description of ? made for Schema C holds 
for Schema E, except that the recursion variable here is always of s -expres- 
sion type. 



Fl 
F2 
F3 
F4 
F5 



Group F : Atoms 

name[x] => atom[xJ 

numfx] => atom[x] 

atom[x] => (name[xj= -inumfx]) 

name[enum[n]J 

namefx] ^ a^ewum^} tt *) 



Group G : Computation Schema 
All true ground literals formed from the basic functions listed 
in §11. 1, and the functions predecessor, plus, times, car, cdr, 
and their compositions. 
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This schema is for the purpose of saving us time, and to enable us to 
make free use of numbers and s- express ions. Without this schema, the 
theory would be about the numerals 0, o', o", etc., but not about 1, 2, 3, etc. 
All such literals can be evaluated rapidly by a computer program. 

Examples: 

2 + 2 = 4 cons{A. (B C)] = (A B C) 

2 + 2^5 num[cadr{(2 3)]] 

-»atom[(A B C)J -inum[A] 

Group H » Embedding 

If the theory of s-expressions is embedded in a larger theory 
in which mere are things that are not s-expressions, then we 
need a predicate sexprfa] having universal scope and true for 
s-expressions only. (The variable 'V is not of s-expression 
type, ) We need to add sexpr to the computation schema, and 
we need two other axioms, namely: aexprfconsfx, yj], where x 
and y are s-expression variables, and atomfa) b sexprfaj. 
This situation presents itself when we consider a second order 
theory in which there are sets of s-expressions. 

In addition to these axioms, we need definition schemas. In §9. 1. we 
defined schemas X, F, K. PF and PK. Schema X is really a special case of 
schema K in which k = 1, and y % is T (true). These form a part of the 
theory of arithmetic, with suitable allowances being made for types. 

Definitions made with quantifiers do not, in general, define functions 
that are computable. To define functions by explicit schemas that always 
result in computable functions, we must introduce as special cases of F, K, 
PF and PK the rules CF, CK. CPF and CPK. These have the same schemas 
as F, K, PF and PK, except that no quantifiers are permitted in any of the 
formulas of these " computable 1 * sohemas. For example, OF is the rule that 
permits afpr^, . . ., § n )/C) after having deduced a {'<«-) where a has no 
quantifiers. 

We can now say something about each function and predicate name 
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defined in the theory of arithmetic by examining its history of antecedent 
definitions. When we do this, we find that some functions have been totally 
defined, while others have been partially defined. So^eaje computable 
from the definitions, and some are not. Thejse tw. a combine in all four ways. 
For example, a function may be only partially defined, but the definition 
gives an effective method for deciding whether it is defined and computing it 
for those cases in which it is defined. 

We have defined eight definition schemas, not counting schema X 
which is a special case of schema K. The way in whicji these schemas 
preserve computability and totality is summarised as follows: 

Schema: F K PF PK CF CK CPF CPK 

Preserves totality: yes yes no no yes yes no no 

Preserves computability: no no no no yes yes yes yes 

Definition 11.1 

A basic function (lor the first order theory of arithmetic, not for com- 
putability) is equal( = ), successor( ), cons, atom,* num. name or enum. 

A primitive r ecur sive function is a function that may have the primi- 
tive recursion schemas, and CK in its history of definition, but no other 
definition schemas. * 

A total function has only the primitive recursion schemas, and the 
definition- schemas F and K in its history. <CF and CK are special cases of 
these. ) • ■• . * 

A computable partial function has only the primitive recursion 
schemas, and CPF and CPK in its history. ; (CFand CK are. special cases of 
these. ) The special quality of these functions is that it is possible to compute 
the domains of definition, and to compute the values. for specific arguments 
within these domains. 

A total computable function has only the primitive recursion schemas, 
CF and CK in its history of definition. 

It is evident that the primitive recursive functions are total computable 
functions by this classification schema. 
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The language used in definition 11. 1 is a bit sloppy. When we used 
the word "function", what we really meant was "function name or predicate 
name". What we have just done is to introduce a classification schema for 
the names introduced into the theory of arithmetic by the various definitional 
schemas. The fact that a given name is classified as "computable" does 
indeed mean that it corresponds to a computable function, but a function name 
not classified as "computable" may also correspond to a computable function, 
although the method used to define it does not of itself provide a computational 
procedure. 

A name classified as "computable" but not "total" has the peculiarity 
that there is an effective means ai deciding whether or not it is defined for a 
given set of arguments, and then there is an effective means of computing the 
value when it is defined. This is more than can be said for partial recursive 
functions in general. This special cateogry is useful for predecessor, sub- 
traction, division, car and ed*v functions defined only ©ft Mats, functions 
defined only on lists of numbers, etc. 

We now have a developing system with many built-in conveniences for 
making definitions. We have been calling it a "tksory", but it is not strictly 
speaking a theory, but rather a theory, and a set of rules for creating 
extensions. Once a certain extension is -created* it restricts the use of a 
certain name which ttoen cannot be used to create some other extension. 

The system we have just described has a model which is the domain 
of s -expressions, with the basic functions having their standard interpretation. 
Each extension has a corresponding enlargement of the model. If the 
extension is total, then a uniquely defined function or predicate is added to 
the model. If the definition is not total, men mere may not be a unique 
enlargement of the model, but there will be at least one enlargement. 

As was already mentioned, me total definition schemas are conserva- 
tive, and in fact eliminable, but the primitive recursion schemas are not so. 
This raises the question as to whether there is some language with a finite 
vocabulary that is adequate to describe the theory. If we restrict ourselves 
to the numeric part of the theory, then Gttdel answered this question by 
showing that the only instances of the primitive recursion schema needed are 
those for "+" and "x", and that once these formulas have been given, all 
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other primitive recursive functions can be defined using only rules F and K. 
So formal number theory is presented in the language {=.0, '. +, x] . The 
proof of this fact involves coding finite sequences of nuriibera into single 
numbers, and then showing that there is a function definable from + and x that 
can extract the i-th component of such a sequence. 

§11.3 Development of fee Theory 

The purpose of this section is to provide some concrete examples of 
the system specified in §11.2. The first part is about number theory, and 
the second part is about s- expression theory. 

In the development that follows, many shortcuts will be used to make 
the formal deductions less tedious. We shall assume various properties of 
prepositional logic, quantifiers, variables, and equaiity^including symmetry, 
transitivity and replacement. However, every detail involving the properties 
of arithmetic will be written out in full. i. e. . all references to the axiom 
system we have just presented will be completely explicit, the distinction 
between properties of logic and equality on the one hand, and properties of 
arithmetic on the other can be made very precise. 

We start out by repeating the fbllow&g definitions: 

Dl: + : NXN -»N m + = m 1 - ' ^ 

/ , r Schema C 

m + n = (m 



+ n)'J 

= 1 

, I Schema C 

n = m + (m x n)J 



D2: x : nxN-*N m x 

m x 

Thl: + m = m 

The proof from almost identical axioms has already been given. 

Th2: m'+ n = <m + n)' 

1. m + = m' Instance of Dl 

2. m + = m Dl 

3. m + = (m + 0)' Replacement 1. 2 
(4) 4. m'+n = (m+n)' Assume 

5. m + n' = (m'+ n)' Instance of Dl 

(4) 6. m + n' = (m + n)" Replacement 4. 5 
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(4) 7. m'+ n' = (m + nV Replacement 6. Dl 

8. m + n = (m + n) => 

m + n = (m + n ) Discharge 4, 7 

9. (m' + 0,= m) 3%i(m / + / n = (m + n) => 

m + n=(m+n))=> 

Vn(m + n = (m + n) ) Instance of B4 

10. m'+ n = (m + n)' From 1, 8, 9 

Problem 30 

1. Th3: m + n = n + m 

2. Th4: x m = m 

3. Demonstrate m^O^ a.nln' = m). Then predecessor can be 
defined by m / 3 m = m. 

From here, one may proceed to prove the commutivity of multiplica- 
tion, the associativity of addition and multiplication, the distributive laws, 
and then move into the area of primes and factoring. 

Because this is a first order theory, one cannot talk about sets of 
numbers, but only individual numbers. For example, one cannot state 
directly, let alone prove, that every number can be factored uniquely except 
for the order of the factors, into prime factors. However, one can state 
this indirectly because the set of factors of any number is always a finite set. 
It is possible to state, and to prove, that for every number there is a list of 
primes, unique except for order, whose product is that number. 

Every non-empty set of numbers has a least member, but this cannot 
even be stated indirectly so as to apply to all infinite sets of numbers. A 
related concept is to say that any predicate satisfied by at least one number 
has a least number that satisfies it. If is any numeric predicate, then we 
can prove as a theorem 3n(^[n]) ^ 3n(4>[n] A Vm(0[m] => m * n)). However, the 
statement "This theorem schema is true for any ^, " lies outside the scope of 
first order logic because it informally quantifies on a predicate, whereas first 
order logic quantifies on variables only. 

Second order logic quantifies over first order predicates. However, 
there is no effective method of deduction for second order logic which is 
semantically complete in the sense that if TJ=a, then THa. An alternative to 
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second order logic is to stay with first order logic, and to develop a second 
order theory whose intended model has a domain of two types, numbers and 
sets of numbers. (We do this in Chapter Fifteen, only for s-expressions 
and sets of s-expressions. ) But there is no escaping the essential incom- 
pleteness, which in the latter case presents itself as an incomplete theory 
rather than as an incomplete logic. Still, second order number theory is 
more powerful than first order number theory. In fact, second, third and 
even fourth order theories are in constant use by mathematicians, and their 
formalization is a necessity that must be faced. For example, one may 
speak of real numbers, functions of real numbers, and families of functions 
of real numbers, the latter being a third order concept. Such investigations 
lead us to the study of axiomatic set theory. 

In the development of first order s-expression theory, we find it con- 
venient to introduce the infix "*" to represent cons. We shall have it associ- 
ate from right to left, so that A*B*NIL = A*(B*NIL) = (A B). The function 
append which is familiar to LISP programs will be represented by a colon(:). 
Its primitive recursive definition is: 



D5: (:): S x S -» S atom[x] =3 x:z = z 

(x*y):z = x*(y:z) 



} 



Schema E 



Th6: atom[x] => x:[y:z] = [x:y]:z 

(1) 1. atom[x] Assume 

2. atomfx] ^ x:[y:z] = y:z Instance of D5 

(1) 3. x:[y:z] = y:z Modus ponens 1, 3 

(1) 4. x:y = y Modus ponens 1, D5 

(1) 5. x:[y:z] = [x:y]:z Replacement 4, 3 

6. atom[x]=>x:[y:z] = [x:y]:z Discharge 1, 5 

Problem 31 

1. Th7: x:[y:z] = [x:y]:z. Hint: It is important to choose the correct 
induction instance. If we induct on x, then Th6 is the basis step. Show that 
if u:[y:z] = [u:y] : z and v:[y:z] = [v:y]:z, then [u*vj:[y:z] = [[u*v]:y]:z. 

2. Define the partial computable functions car and cdr. 
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The theory of s-expressions has no standard curriculum, unlike 
number theory. At this point, one might formalize notions of permutation, 
combination, rotation, etc. , or one might define sublis, and develop formally 
the theory of substitution presented in §9. 3. 
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CHAPTER TWELVE 
RECURSION AND DEDUCTION 



Preview of Chapter Twelve 

Starting with this chapter, we unite two subjects which have been 
developed more or less independently unUJ n^w. In Chairs Two and Five 
we developed the language of recursive functions, v|f$V.i8 "a language for 
describing formal computations on s -expressions. The notion of recursion 
is shown to be absolute, and completely independent of this method of defining 
it, because, by Turing's and Church's theses, |t is identified with effectively 
computable. 

In Chapters Six thru Eleven, we have developed tfee subject of first 
order logic as a language for making assertions, and^oyfnjj consequences of 
these assertions, and then particularized this, to the theory of s-expressions. 
The only relations between deduction and recursion tijat we have established 
so far are that deduction is subject to mechanical verification^ i. e. , 
"proofcheck" is recursive, and that certain types of definition within first 
order arithmetic provide recursive descriptions. 

There are two important questions about the relation between deduction 
and recursion that we consider in the rest of this book. The first is the 
problem of representing, and discussing recursive functions or effective pro- 
cedures within first order logic. The second is the problem of reducing 
deduction to computation in routine cases. In this chapter, we begin with the 
first of these questions by "representing" recursive functions in arithmetic. 

§12. 1 Expressibility and Representability 

In this chapter, let us consider the theory of arithmetic as consisting 
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only of those function and predicate names that we classified as "total" in 
Chapter Eleven. These are the names that necessarily lead to unique model 
extensions because of their definitional history. Since the standard model 
for formulas in this language is unique, we can speak of a formula as being 
either "true" or "false" according to whether or not this model satisfies it. 
There is no middle ground. (We **© '-not -^ftMiaB&aj 'mat there is an effective 
procedure for deciding which formulas are true and false, only that each one 
must be either true or false. ) 

Definition 12.1 

If y Is a predicate in the sense of being a mapping from S m into ff, 
then it is an arithmetic predicate if there is an m-ary predicate name $ that 
can be defined iii me theory of arithmetic such mat lor^any s- expressions or 
thru a tyo , . . . f a ) is true if and only if >j* 1 . . . .^OL,] is true. 

For any formula a, we write A*"« to mean that there is a deduction of 
a from the theory of arithmetic. A is understood to mean the theory consis- 
ting of all the axioms ajatf'a^riom schemas discussed in t^j^e* Eleven, and 
the definitions and primitive recursion schemas necftssary to define all the 
function and predicate names In il» Ihhis is aotl»e moat satisfactory 
notation, because it does "hot "fully specify ;f i^ i ' > Buili 1 wiiX not lead us into 
error if we are aware of this. ; 

Definition 12.2 

The predicate # is exp ressible if it is possible to define a predicate 
name in arithmetic such that for any s-expr^sj&^o^thru 0^, if 
^ {<J V ' ' ' ' C m ) is true ^ nA}, ^\ a m ± an i^|^*> ..... ,.? m ) is false, then 

The n-ary function <p js re presei^ab^e if it is possible to define a 
function name <p in arithmetic such that for any s-expressions a thru a , if 
£«r r . . . , a n ) = a n+1 . then Ah^, . . . . V* <W 



'-> n 



The notions of arithmetic, expressible and representable, may also 
be relativized to functions and predicates having numeric arguments or values, 
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Corollary 12. 3 

All expressible predicates are arithmetic. 

All expressible predicates and represehtabie functions are recursive. 

The effectiveness of the theory A, and the fact that the theorems of an 
effective theory are recursively enumerable are a stfflFicierit proof of effect- 
iveness. Keep in mind that for a procedure to define a total function is not 
the same thing as our being able to prove that it defines a total function. 

§12.2 Primitive Recursion 

Corresponding to the definition of primitive recursive functions in the 
system A, there is a subset of the language of recursive function definitions 
that leads to primitive recursion. Mfe.liat the corresponding schemas side 
by side: 

Schema C: 
<Pf5 5 ..0J=T I 

. , } ^[5 1 .....5 n .n]> [»? = o-»r t +r. An'iv)) 

*>[?! V 1 *^} 

Schema E: 



«niC]^ r .o«]-r 1 J ^....^ClMatomK]^, 
> r ....? n ,C 1 *5 2 ] = r 2 J 



atom[ 

<p[Z v .;..% n ,Z l *l 2 ) = T 2 J T-»T a (c^[CJ/C r cdr[C)/C 2 )J 

Rule CK: 



• • • 




*[5 1 .....? m ]«- [y 1 •»« 1 .....y k ■♦a k ] 



k°^l 5 nJ = T kJ 



and 



*f5 r . SjM 5 n K[y 1 .-*r v ....y k -T k i 
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The restrictions for Schemas C and E,. and Rule CK are given in 
§11.2 and §9. 1, respectively. In particular, there are no quantifiers any- 
where in these schemas, and it must be provable that exactly one of the y. 
must hold. The definitions in the right coluaam define the subclass of the 
recursive functions that are the primitive recursive functions. 

Theorem 12.4 

All primitive recursive predicates are expressible, and all primitive 
recursive functions are representable. 

Proof: By nested induction. The outer induction is on the length of the 
definition history. The basis of the induction ?i» 4bat^ttie basic functions are 
representable. This follows from the computation schema. Group G. The 
induction step is to show that for each schema, if all the preceding definitions 
are representable, then it is representable also. 

For Rule CK, the fact mat any ground instance of the schema can be 
proven or refuted follows from the induction hypoplasia, and the replacement 
of equal terms and formulas, since there are no variables or quantifiers to 
deal with. For the schemas C and E, there is also an inner induction needed. 
The preceding method will work only for t*re case that n .« $ in Schema C, or 
atom K J in the case of Schema E. Bui this is the basis for an induction on 
the natural numbers or the a- expressions whereby ff#(..!.,»I can be repre- 
sented, then <p[. . . , n'j can be represented, or iff»[ ,CjJ and <p[. . . , C 2 ] can 

be represented, then <&. . . , Cj*C 2 J can' be Represented. 

§ 12. 3 The Incompleteness of Arithmetic 

We are now able to demonstrate that the theory of arithmetic is 
incomplete. This is not in itself surprising, ^because we have not investi- 
gated the axioms presented in §11.2 v^jry seriously, and there is no reason to 
believe that they are sufficient to prove everything mat we would like to be 
able to prove about arithmetic. However, the incompleteness theorems will 
apply to any attempt to strengthen these axioms^also. We prove incomplete- 
ness in three different ways. 
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Lemma 12. 6 

There is a primitive recursive predicate aproof[x, y] which is true if 
and only if x is the s-expression translation of a formula a in the system A, 
and y is the s-expression translation of a deduction that proves a in A. 

We do not offer a formal proof of lemma 12. 6 which would have to 
begin by writing out such a proofchecker. By now, you should be aware that 
if the amount of "work" that is involved in evaluating a recursive function is 
bounded exponentially by the size of its argument, then it will be primitive 
recursive. 

In order to be able to assert meaningfully that AHa, we must make 
sure that the names used in a have the meaning that we intend. We shall say 
that a sequence of lines as in a deduction determines a if every name 
appearing in a except for the basic names is totally defined in this sequence. 
Suppose X is the s-expression translation of a sequence that determines a. 
Then if there is some s-expression M such that aproof[X : ji, a*] is true, then 
we can reasonably assert that a has been proven. (The symbol ":" means 
append, and n is the continuation of a deduction that begins with X. a* is the 
s-expression translation of a. ) 

The predicate aproof, or something similar to it, is what Godel called 
"the arithmetization of metamathematics", meaning that we can interpret an 
arithmetic fact, namely that the predicate aproof is true for certain arguments, 
as an assertion about the provability of some formula. 

The key to Godel' s incompleteness theorem is that the arithmetization 
of metamathematics allows us to create a sentence which asserts "I am not 
provable in arithmetic. " If this formula is provable in arithmetic, then it is 
not true, and so arithmetic is capable of proving things that are false. If the 
formula is refutable in arithmetic, then if arithmetic is true, it is provable, 
and so again we have deduced something false. So if arithmetic is true in the 
sense that the standard model satisfies it, then it is incomplete, and this 
sentence is true but neither provable nor refutable. 

Theorem 12.7 (Gttdel's Incompleteness Theorem ) 

The system A is incomplete, in the sense that there is a formula )3 
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such that neither A l-£, nor AHjS. 

Proof: The primitive recursive function subquote is defined as follows: 

subquotefx, y. z] «- [atomfz] -» [y = z •♦ list[QUOTE, x], T -» z], car[z] = 
QUOTE •♦ z, T -» suto^tete y, car[zJ]*sttbquotetx, y, cdr[z]]] 

Let X be an s -expression translation of a determining sequence for aproof, 
append* : ), and subquote, Qwwtid^ the f^naula: 

a: -i3x(aproof[X:x, subquotefy, Y, y]J) 

Its translation is the s- expression: 

a* : (NOT (EXISTS X CAP8QQF (AFPEKP {QUOTE X) X> 
(SUBQUOTE Y (QUOTE Y) Y))» 

a* is a genuine s -expression, and me dtuy thing tfcat prevents our writing it 
out in full is that we have not wrfltett « pit^rtraa fbr aparoof. and then converted 
it into a sequence of primitive reearaive defhfc^olt^ih A. This would make 
the s-expression X perhaps two or three written^ f«y^% length. 
Now consider the form^a^ 

P: -«3x(aproof[Xtx,subqiMrte{«* t Y,«6*I> 
Its translation is the s-expression: 

0* : (NOT (EXISTS X (APROOf ( APPEND (QUOTE X) X) 

(SUBQUOTE (QU0T$, a*> £QWOTE Y\ (QUIGfEE «* ))))} 

£ is a sentence confining the ground term subquatef«*. Y, ,«*], This term 
can be evaluated using the definition of subquote, and the value turns out to be 
the s-expression fi*. Since subquote is primitive recursive* it is represent - 
able, and therefore A>subquotef<**. X. «* J = 0* . Then by replacement of 
equal terms, we have: 

(*) Ah/3 2 -)3x( aproof fXix^*^ 

Now suppose that P as determined by X were provable in A. Then we 
could write out such a deduction, and cpde this deduction into an s-expression 
beginning with X. Call the tail of this deduction M. Then since it is a valid 
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deduction, aproof [\:H, /3* ] would be true. Since aproof is primitive recursive 
and therefore expressible, this formula would also be provable, and from it 
and the formula (*) we could deduce -i/3. Therefore arithmetic would be 
inconsistent. 

Suppose on the other hand that -i0 could be proven in A. Then we 
could prove 3x( aproof [X : x, 0*] from this and (*). Assuming that the standard 
model satisfies arithmetic, there must be some s-expression ^ such that 
aproof[X:/i, £* ] is true. Translating X:/U back gives us a deduction of j3, so 
once again A would be inconsistent. 

Assuming that A is a consistent system, and that the standard model 
for the s-expressions satisfies A, then we must conclude that /3 is neither 
provable nor refutable from A. 

This proof mirrors accurately the construction used by Godel in his 
proof which was for the theory of natural numbers in the language {=, 0, ', +, x}. 
However, his reasoning about this construction was quite different because he 
did not assume that arithmetic was necessarily consistent, and since he was 
restricting himself to finitary mathematics, the concept of a standard model 
could not be used. What he proved was that either arithmetic is incomplete 
or else it is either inconsistent or at least w- inconsistent, which means that 
there is some formula a such that AH3x(a), yet Ah- ia(0/x), -ia(o'/x), 
-ia(o"/x), etc. 

At first, one might think that this incompleteness theorem indicates 
that the theory A is too weak and should have some stronger axioms. For 
example, we might add /3 as an additional axiom, since it is true but 
unprovable from A. It turns out, however, that the incompleteness of 
arithmetic has nothing to do with this particular choice of a set of axioms. 
Any true, effective extension of A will also be incomplete. 

To show this, let B be any true, effective extension of A. The 
effectiveness of B means that its axioms must at least be recursively enumer- 
able. From this, it follows that there is a primitive recursive predicate 
bproof [x, y] which is true if and only if x is a proof of y in the theory B. 
Bproof is expressible (in A) because it is primitive recursive. It is expres- 
sible in B because B is a consistent extension of A, and so the incompleteness 
proof can be repeated in B, generating a formula undecidable in B. 
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It is not even necessary to arithmetize deduction in order to show that 
arithmetic is incomplete. It is sufficient to arithmetize computation. 
Starting from the definition of apply, we define the function applykjx, y, pj 
which has the property that if applyfx.y] = z, then there is a number p. such 
that if p * p , then applyk[x, y, p] = listfz}. but if p < p , then applykfx, y, p] = 
NIL. If applyfx, y] is undefined, men for all p, applyk[x, y, p] = NIL. One 
way to define applyk is to add an extra argumed! to every subsidiary function 
of apply. Each time a function Is called, this argument gets decremented. 
If it ever gets down to zero, men the computation is interrupted, and the value 
is NIL. It is also necessary to modify every function so that all explicitly 
undefined conditions get checked out, and so that a value of NIL gets referred 
to the top level of the computation promptly. 

Lemma 12. 8 

Applyk is a primitive recursive function. 

Alternate Proof that Arithmetic is Incomplete: If arithmetic were 
complete, then every arithmetic predicate po^f t hf exj^e*s4bie* and hence 
recursive. We know that the predicates halt and total, defined in Chapter 
Five, are not recursive. They are. .JWfftftftfe. ^i^meti^ because they can 
be defined by: 

halt{x, y] 2 3z3p<applyk{x,;y» p J * Ustfrf) Kale X 

totalfx] ■ Vjraz3p<applykfx, liatfyfc pf *<u«tf*P- Rule X 

Therefore arithmetic is incomplete. 

Problem Set 32 

1. Let A be the theory of arithmetic iiw^|nj the definitions of applyk 
and halt. Show that there is a finite set of : lpkp« T in A such that if r f and 
t 2 are ground terms containing no constants o^er^ianO, and no functions 
other than successor, enum and cons, then&ha^ r.,1 is true, then 

THhaitr^.^]. "■;-'"/- "* "* '..;;.""■; 

2. Show that first order logic is undecidable. (See corollary 9. 18. ) 
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There are still further ways of demonstrating that arithmetic is 
incomplete, and each one illuminates a different aspect of the problem. 
Godel's proof and the proof of Tarski's theorem in Chapter Thirteen are 
related to Epimenides' paradox. Epimenides was a Cretan philosopher of 
the fifth century B. C. who pondered the truth of the assertion: "This very 
sentence that I am now speaking is a lie. " Epimenides was dimly 
remembered by the Apostle Paul who wrote the famous slander: "One of 
their very number, a prophet of their own said, 'Cretans are always liars, 
hurtful beasts, idle and lazy gluttons. ■ " (Epistle to Titus. I, 12) 

Another approach to incompleteness has been developed by [Chaitin] 
starting from what is known as Berry's paradox, which goes something like 
this: "Consider the smallest number that takes at least one hundred words 
to describe. " If we ignore for the moment the problem of what is a valid 
"description" of a number, it is evident that some very large numbers can be 
described in very few words; for example "one billion hyperexponentiated 
one billion times". Among all the possible descriptions for any number, 
there must be one or more having the least number of words. So associated 
with each number is a number which is the word count of its shortest 
description* s). The smallest number for which this count is at least one 
hundred is the number that is referred to in the quoted sentence above. Yet 
that sentence which has less than a hundred words "describes" the number in 
question. This is the paradox. 

Chaitin replaces the ambiguous concept of "shortest description length 
in English" with the precise notion of "information theoretic complexity". 
The information theoretic complexity of an expression is the shortest 
instruction that can be given to a computer that will cause the computer to 
print out the expression in question. Obviously, the number one billion 
hyperexponentiated to the one billion is not very complex because a program 
to generate it is quite trivial. Information theoretic complexity does not 
consider the amount of time taken by the computer, or the amount of inter- 
mediate storage required, unlike the "complexity" of current complexity 
theory research. One may argue that the definition of information theoretic 
complexity is arbitrary because it depends on the choice of computer. This 
is true, but since any universal computer can simulate any other one, the 
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difference in complicity as measured by one computer and another cannot 
differ by more than a fixed constant, and this can be kept manageably small 
if the computers in question are of fairly simple description themselves. 

Let us fix the definition of complexity more precisely. The function 
sizefx], the number of characters required to print the s-expression x, is a 
recursive function. We now define the complexity of an s-expression x as 
being the least size of any s-expression y such thmt appiy{y,NfL) = x. The 
complexity of the s -expression which is a list of the first billion prime 
numbers is evidently quite moderate, because we can easily write a program 
to generate it, and cast this program in the form of a recursive function of no 
arguments. The complexity of a list of one billion rajidom numbers would be 
large, however, somewhat the same order as the size of the list itself. The 
complexity of any s-expression cannot be more than slightly larger than its 
own size, because x can be generated by the function (FN (QUOTE x)). 

The function complexityfx] can be defined in arithmetic using Rule F 
because the following formula is provable. 

3 n(3y<eize{yj = n A Sp< applyk fy, NIL, pi * li«tfx})) A 1fe(size[z] * 
1 n v -,3p(applykf«. N1U p] * UstfxjM 

We are now in a position to formalize Berry's paradox. Let g[n] be 
a recursive function that enumerates all theorems of arithmetic with applyk, 
size and complexity defined. G is not all that complex in itself. It must 
contain the deduction rules for first order logic, the axioms of arithmetic, 
the definition of applyk, and some enumeration machinery. Consider the 
first formula in the enumeration g{0 J, gfl ] . . . that is of the form 
complexityta ] > 1, 000, 000, 000 for some s-expression a. If arithmetic is 
true, a cannot be generated by any program of moderate length, yet we have 
just described such a method which consists in enumerating the function g 
until we come to such a formula. This process can easily be formalized into 
a function of no arguments. The only way out of me contradiction is to assume 
that no formula of the form complexity [at ] > 1, 000, 000, 000 will ever be 
generated in the sequence g{0], gfl J. ... But this sequence contains all the 
provable formulas of arithmetic, and so the conclusion is that only finitely 
many formulas of the form complexity!* J > n are provable, and that n is not 
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much larger than the complexity of the enumeration process. This is a 
startlingly different way for arithmetic to be incomplete. 

Chain's article is highly readable. -and relates information theoretic 
complexity to the notion of "random sequence 1 ' ja» w«ll«ja»/eomputability and 
me^mple|enesj8. 

It is. sometimes claimed that the yarifiMsrifflcoanp^teaess and 
undecida^ty resets are not *aeful to theo««mp«|t^-.|Krogrammfla: concerned 
with artificial fetfeiygence or mechaniqal ; in|er«ac», iweauaeall these 
theorems are based on, wefcr4 tech^qpe« 4 ^i^.b^ile*«f on paradox and always 
involve self-apf4icatiqn or diagonaiiszati©^ Q^e-aeyer wants, to do those 
particular things, anyway, in any practi«a,i si^ation^ u I w«<ald ar«»e that, on 
the contrary, self-application is precisely what one wants to do, because a 
system of deduction that can examine its own behavior is that much more 
powerful. Chapter Thirteen is an examination of this very question. By 
proving incompleteness in three different ways, I hope I have made the point 
that incompleteness is a result of the richness of logic, rather than indicating 
its impoverishment. 

§12.4 Representability of Recursive Functions 

Let <p be an n-ary total recursive function. Let <p* be the s- expres- 
sion translation of a sequence of recursive definitions that computes <p. The 
following formula contains exactly the variables x thru x and y free: 

3p(az(applykip*, listlXj, . . . , x J, p] = y*z) a 

Vm(m < p ^ atomfapplykfep*. listfx^ .... x n J, pj])) v 
Vm(atom[applykfc>*, list[x 1# .... x n J, mJJ A y = NIL) 

Calling this formula a for the moment, it is possible to prove 3 y(a) 
within arithmetic. In fact, such a proof is completely independent of the 
definition of applyk and the s-expression v>*. and depends only on the principle 
of any non-empty set of numbers having a least member. Either there is a 
least p such that applykfcp*. listfXj, .... x n J. p] is non-atomic, in which case y 
is car of that value, or else the second part of the disjunct holds and y is NIL. 
Therefore, we can define the function^ by Rule F, getting a(<p[x , . . . , x ]/y). 
This happens to be true for any s-expression p*. If ^* defines only a partial 
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function computationally, then the function p defined in first order arithmetic 
is completed by having the value NIL wherever the computation does not 
produce a value. If ^9* is not a procedure at all, <p will still be B'^pbtuttantly 
NIL function. But ^> will not necessarily be computable. 

While there is no process mat ■ always tells u»wheQ»fer<p* computes a 
total function, in each case where it doe«v # wilt be r*predentaole in arith- 
metic, for if o. thru (r are> any sr^bgmm^^em^; meif for some number p and 
some s-expressionff n+1 , Ahapplykfii*,lis*fe, >;i iv<^l»tfl'- l * s *^ tl +il» and for 
m < p, Ahapplyk|^,ttst^,...,o n J|rtJa Therefore: 

Theorem 12. 9 

All total recursive functions are representable. 
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CHAPTER THIRTEEN 
METAMATHEMATICS 



Preview of Chapter Thirteen 

Given a formal system of deduction, a metamathematical statement is 
an assertion about the system, very often about the system as a whole. For 
example: (i) Arithmetic is consistent. (ii) Arithmetic is incomplete, 
(iii) The formula cannot be deduced within the system. (iv) The formula y 
cannot be deduced within the system except by a deduction whose length is 
astronomically long. (v) The name LENGTH defines a function having an 
s -expression argument and a numerical value, (vi) Every formula of the 
type V§(a) ^ 3§(a) is provable, (vii) Replacement of equal terms is a 
derived rule of inference. 

Metamathematical reasoning is the method by which we arrive at 
statements such as these. It is impossible in any practical sense to do 
without metamathematical reasoning, and in fact we have used it throughout 
the book. If we want a practical system of logical inference, it will be 
necessary to formalize at least part of metamathematical reasoning, and that 
is the purpose of this chapter. Much of it has to do with formalizing the 
semantic notion of "truth", just as in Chapter Twelve we formalized the 
syntactic property of "provability". 

§13. 1 Truth and Tarski's Theorem 

We first define truth as a semantic or model theoretic concept, and 
then later in the chapter we shall make use of some axioms concerning truth. 
It is important to proceed in this order because it is only by having a clear 
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model-theoretic concept that we shall know that our axioms are reasonable. 

If a is a formula of arithmetic, all of whose function and predicate 
names are defined and total, then we shall define truth fa*] to be true if and 
only if a is true. Defining neg{x] t© be listfNOT, x], either truth [a*] or 
truth[neg[a* ]], but not both, must hold for any totally defined arithmetic 
formula a, because either SJ=«t or S|=-»«, where S is the standard model of 
the s- expressions. 

We now make the important point that the predicate "truth" is not an 
arithmetic predicate. It lies outside of the system -rjk, and if the formula a 
contains "truth" then a is not an arithmetic formula, and the above discussion 
does not apply to o at all. If 1l truth" were an arithmetic predicate, then it 
would be possible to establish Epimenides' paradox within arithmetic. This 
is known as Tarski's theorem. 

Theorem 13,1 (Tarski's Theorem) 

Arithmetic truth is not arithmetic. 

Proof: Suppose to the contrary that it were possible to define truth[x] within 
arithmetic such that if a is any arithmetic formula, then S^a if and only if 
S ^truthfa* ]. Let jS be the formula -itruthfsubquotefy, Y. y"fl. Let y he the 
formula -itruth{sub«iUOtep*, 1f,j!* % Then 'V * ~«tru«hl#], so SJ=y if and only 
if S Htruthfy* ] if and only if Sftruthfnegty*] J if and only if S^Hy. 

Because S j=a if and only if Sj=truth[tt*] is true only for arithmetic 
formulas, it becomes necessary to express the predicate 1 *a* is arithmetic" 
itself within arithmetic. If we did not haVe definitions, the problem would be 
easy. An arithmetic formula would be one whose function and predicate 
names are only the basic ones. But since we do allow definitions, the prob- 
lem is administratively more complicated, although not conceptually so. 

An administrative function is a function *h^ makes certain system 
information available within the system* Th«s% functions are not charged 
with the semantics of "truth", and #© we may consider th«m to be ordinary 
arithmetic functions. They tell us what has been written down in the system 
so far. The only administrative function that we need nfcw is defn[x]. If x 
is a name that has been defined by any of the definition rules or primitive 
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recursion schemas, then defnfx] is a list of the name of the rule, and the 
lines of the definition itself. For example, defnfPLUS] might be 
((SCHEMA C) (EQUAL (PLUS M 0) M) (EQUAL (PLUS M (ADD1 N)) (ADD1 
(PLUS M N)))). It is evident that starting with a certain amount of initial 
knowledge, and the information obtained from defn, the history of any function 
name can be investigated, and various determinations made, such as that it is 
total, primitive recursive, etc. In particular, if the history of definition 
does not include TRUTH, then it is arithmetic. From this, we can define the 
predicate arithfx] which is true if and only if x is a* for some well-formed 
arithmetic formula a. Arith itself is total, arithmetic, and computable. 

We now postulate the following formal metamathematical axioms which 
are justified because they are true, that is, they are satisfied by the model 
which is the standard model for the s-expressions enlarged (non-conservatively) 
by interpreting the predicate truthfx] to be true if x is a* where a is a true 
arithmetic formula, and false if x is a* and a is a false arithmetic, formula, 
and leaving truthfx] unspecified for all other x. Notice that none of these 
axioms make any assertion about truthfx] unless arithfx] is true. 

Ml: Semantic Completeness and Consistency of Arithmetic 
arithfx] => (truthfx] = -. truth [negfx]]) 

M2: Validity of the Axioms of Logic 
arithfx] = tautfx] 3 truthfx] 
arithfx] 3 qlfx] 3 truthfx] 
arithfx] => q2[x] 3 truthfx] 

M3: Validity of the Rules of Inference of Logic 

arithfy] 3 mpfx, y, z] 3 truthfx] 3 truth [y] => truthfz] 
arithfx] 3 q 3[x, y] 3 truthfx] 3 truthfy] 
arithfx] 3 q 4[ x , y] 3 truthfx] ^ truthfy] 

M4: Truth of the Axioms of Arithmetic 
arithfx] => axfx] 3 truthfx] 

where axfx] is true if x is a* for some formula a 
which is an axiom or instance of an axiom schema 
in Group A, B, D, F or G. 

-151- 



arith[x] o ninduct(xj ^ truth [x] 
artthfx] = sinduetfxjs* trirthfx] 

where those predicate* assert that x is an instance 

of B4 or D3, respectively^ v 

M5: Truth of Formulas Introduced as Definitions 

arithfx) p Sy(memberjx. cdrtdefntyjjj) '=>' truthfx] 
If x is a* for a formula o introduced by some 
definition or primitive recursion schema, then it 
is a member of defn of the name that was defined. 
(Car of this list is "the name of the schema. ) 

M6: Truth of the Predicate ^puth 
arith{«* J => (* » truthja*] > 

This is an axiom schema which cannot be represented 
in the preseat system as a oiagiLe axiom. 

Schema MS is at the very center of the notion of form*! metamathe- 
matics. It is bidirectional. First it allows that if wtdih assert some 
formula a then we can assert that a is true. In the other direction, it allows 

us to pass from the assertion that # ; Kr -true to' '« tisilH 

§13.2 Metamathematical Deduction 

Let us modify the primitive recursive function aprooffx, y} slightly by 
requiring that any definitions occurring in x be consistent with the system A. 
We can now do this by us ing defn. This allows us to dispense with the 
nuisance of the determining sequence A used ih Chapter Twelve. It is now 
possible to prove by induction oft the length of the deduction y: 

(**) arith[x] 3 3y(aproof[y» xj) ^ truthjx] 

The formula £ of theorem 12. 7 cannot be deduced within the system A, 
but at the time that we proved this,, we argued mf|ama^fmatically that P was 
true. We can formalize this argument as follows; 

(l)l.-i/3 Assume 

2. s -i3x(aproof[x, 0*]) This is provable in A. 
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3. arith[0*] Also provable in A. 

(1) 4. 3x(aproof [x, 0*]) Prop 1, 2 

(1) 5. truth[0*] Instance of .**, 3 and 4. 

<D 6. M6 5 

£ 7. -.03 Discharge 6. 1 

8-0 Prop 7 

This shows that formal metamathematics allows us to prove some 
formulas of A that are not provable in A, However, it does not allow us to 
complete A. Halt and total are still not recursive, since the notion of 
recursiveness is absolute and therefore not dependent on one's choice of an 
axiom system. No formula of the sort complexity fit) > 1, dOO. 000, 000 can be 
proven in formal metamathematics, or in any truthful system whose axioms 
can be enumerated by a function of feasible compiexity. 

The following extreme case shows that there are formulas having 
proofs of unfeasible length in arithmetic that have feasible proofs in meta- 
mathematics. Consider the formulas: 

a: -i3x(size[x]< 10 10 a aprooffx, subquotety. Y,y]]) 

0: -i3x(size[x] < 10 10 a aprooffx, subqudtefa*, Y. a* ]]) 

asserts that there is no proof of (in arithmetic) of feasible length. If 
there were, arithmetic would be untrue, and so we may assume that there is 
no such proof. is therefore true. Unlike the formula of theorem 12.7, 
however, this one is provable in A. Let a y . . . ,0" n be an enumeration of the 
finitely many s-expressions whose size is less than 10 10 . For each i, 
A**- iaproof{a., 0* ]. From all of these results^ and the assertion that this list 
is complete, it is possible to prove because the existential quantifier is 
bounded. Of course such a proof is much larger than lO 10 in size. 

The metamathematical proof of is so similar to the preceding proof 
that we do not even need to write it down. 

Theorem schemas are metamathematical assertions that occur very 
commonly. We do not want to have to wrffe out a deduction for each instance 
of a schema that occurs frequently. Consider the leftst ttttmber schema which 
is: 

1»|(o)3 3i|(oa v v(a (v /tj) => v * tjD ■ # ' • 
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This is true for any well-formed formula a, any numeric variable if, and any 
numeric variable v which is free for n in a. The assertion that all instances 
of this schema are provable is not even metamathematieal. It is: - 

3 y azaw(wff[y} A numvarfz] A numvarfw] a -inull[sub[listlw. z), y]] a 

x » listflMPLIES, HstfEJSST. z, y J, HstpB^STS, z, list{AND. y, 
listfFORALL; w. HstflMPLHBS, *ubflist[w. zj, yj, Hst[OTQ, w, 
zlIJJU) ° 3u(aprooffu, x]) 

where sub is defined in problem set 22, No.l. Let us abbreviate this to 
lnp[x] => 3y(aproof[y» x]), where lnp stands for least number principle. This 
formula is provable by formalizing a deduction schema for this theorem 
schema. It is tedious work, and one first has to deal with some properties 
of substitutivity. But having done this, we can then decbcf from (**) the 
formula; 

arith[x] => lnpfxj => truth{x] 

The advantage of having this formula is thstt given any arithmetic formula a 
such that lnpfa* ] is provable, we can derive a itself from M6. Lnp is a 
simple primitive recursive formula that merer* testis its argument to see if 
it has a certain format. Lnp is called a theorem schema. In general, a 
theorem schema is any unary predicate $ such iftat: 

arithfx] o 4>[x] o truth[xj 

has been proven, and an inference schema is any i*H~ary predicate # such 
that: 

arithtxj ]=>... ^ arith(x n+1 J => truth[Xj ] 3 . . . => truthlx n J => 

Mx v ..., x n+1 ] => truthlx^ x ] 

has been proven. 

Metamathematics allows us to demoiwtrate that a predicate defined in 
arithmetic is a theorem schema or inference schema, Thia solve* half of 
the problem of reducing deduction to computation in routine casesg The 
other half of the problem is to prove that the predicate defined in4he logical 
theory is the same as the predicate computed by some procedure in a 
programming language. When this has been established, we can tfien compile 
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the procedure, knowing that it is a valid addition to our collection of proof 
techniques. Theoretical results relevant to this problem are presented in 
Chapter Fourteen. 

Problem Set 33 

1. Show that a = truthfa*] where a is any formula is an inconsistent 
schema. 

2. Using (**) and Ml thru M6, prove an airthmetic formula asserting 
that arithmetic is consistent. 

3. Why is M4 necessary to the proof of (**) even though each ground 
instance of M4 can be deduced from M6? 

§13.3 The Hierarchy of Truth 

The notion of truth in the system we have just described can be 
formalized by means of a predicate truth l[x J which is outside that system. 
This leads to a hierarchy of tru*h function*, sach of which can reason meta- 
mathematically on the systems below it. It is possible, to define a predicate 
truthfx, r] where r is a rank number, and ip axiomatize ycv&t so that at each 
rank the truth of formulas of lesser rank can be discussed. An arithmetic 
formula is of rank 0, and any formula in which all occurrences of truth are 
of the form truthf. . . , n] where n is a number is of rank n-f 1. If a formula 
contains truthfx.yj, where y is anything other than a number, then the 
formula is outside the rank system, and cannot be discussed on any level. It 
is natural at this point to extend this idea even further by letting the second 
argument of truth be any ordinal number. This creates a whole new situation. 
It is not clear how much of this hierarchy is actually useful* but it would seem 
that having at least several levels of it are. 



-155- 



3W *3!«!$S^»>*** i ^SV* T *^ 



THE RECURSION THEOREM 



Preview of Chapter Fourteen 

The purpose of this chapter is to relate functions described by 
procedures, which are, in general, partial recorsive functions, vdth descrip- 
tions of functions 4» firs* order «t*^e6WMtle. -WSr *i#ed Id -db *his in order to 
prove theorems about pr^ee**!***, awd m -ovitfr tb Hii prt*eoi£iireB for com - 
puting functions that have %toa< 'dtffl£M ; laifl$alty^ Otiar «*impl* of the latter 
is the problem of computing « function ; *iifc& "ifci^lilMijitHMlt to be a theorem 
schema or inference schema by the methods oatlifted ifc' tShaf&er Thirteen. 

The recursion theorem 4s a basic result Si t*ifearwiv« function theory. 
Its relevance to th«s*-#i*dM«^hitt the 

semantics of programming l ang u age s, a com|d«* subject ^rhidh we do not even 
apprc^^ except <or «m- vevy' 1^ as 

specified in Chapter Two. Research in : 1»#s *h±&l ; *^|mg:^iG»m" abstract 
topology to detailed ^mmemnn^-4^^t^^&M^-'mM^t}^V A B fceSfcg done by 
[Scott ]* [Strachey] and others in thc*OKEtiM'Pfrog(Ntata^ Cfrotip, 

and [Milner], JNewry], [Igorashi] and others at the Stanford Artificial Intelli- 
gence Laboratory. 

§14.1 The Nature of the Problem 

In Chapter Twelve we describe a correspondence between procedures 
and formulas of first order arithmetic for the Special case of primitive 
recursive functions. It is easy to generalize this syntactic correspondence, 
but not immediately useful because of problems of consistency. 
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Consider a recursive definition having the general form: 

It can be converted into a set of formulas of first order arithmetic by replac- 
ing the "«-" with "=", and then applying the distributive rule of conditional 
forms, and the conversion of conditional forms into logical formulas, des- 
cribed below, until there are no more conditional forms. Since every part 
of the language of recursive functions except for the conditional is part of the 
language of logic, the result must be a set of formulas of logic. 

Distributive Rule for Conditional Forms 

Transform (f>[. . . , [^ -» c y . . . ,ff n -♦ ^J, . . J into [ffj -» 
<p[. ... Cj, ...],..., n^ + <p[. . . , c n , ... ]] where tp is any function 
or predicate name, including "=". 

Conversion of Conditionals into Logical Formulas 

When the conditional form [it -♦ €.,...,» "♦ «kMs hot a 
sub-form (i. e. , when it is on the outside), transform it into 
the sequence of formulas: 

ff l 3< l 

-iff. ^ ... ^ "iff , =>ff => € 

1 n ""A n n 

When the conditional form is on the outside of everything 
except for logical connectives, transform it into the conjunc- 
tion of the formulas of this schema. 

Example 

substfx, y, z] «- [atom[z] -♦ [y = z -» x. T ■ •* z], T -♦ substfx, y, 
car[z]J*subst[x, y, cdrfz]]] 

becomes 

atomfz] => ((y = z => substfx, y, z] = x) A < y fi z => substfx. y, z] = z)) 

-»atom[z] => substfx, y, z] = substfx, y, ca*(fc|l*$Hl»tfx, y» cdrfz }] 
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Unfortunately, there is no justification for changing "«-" into "=". A 
procedure cannot be inconsistent; it can at worst not produce a value, or 
produce a value not anticipated. The assertion that the left half is equal to 
the right half may be logically inconsistent. There are three situations that 
may arise from a recursive definition; it mayjo^er-de^Kne, under-define, or 
exactly define a function. 

Case I: If a recursive definition defines a total function, then the 
transformation into logic produces a set of formulas that represents the 
function. Subst is an example of this. The function subst computed by the 
recursive definition is the same as the function represented by the two 
formulas. 

Case II: The recursive definition is under-defined. In this case, the 
function computed by the recursive definition is partial, and there are more 
than one completions of the function that are model enlargements satisfying 
the formulas. Consider: 

ftn^ffn+l] 
ffn»mJ-«* ifnvnj 

Both of these definitions compute totally undefined Junctions, The first is 
satisfied by any constant function; Ohe second is satisfied by any commutative 
function (on the natural numbers;). 

Case IH: The recursive definition is over-defined. In this case, the 
function computed T>y me recursive definition is partial, and there are no 
completions of it that satisfy the formulas. There are no model enlarge- 
ments, and the system is inconsistent. An example is me definition: 

ffn] ♦- f[n] + 1 

As a procedure, it does not converge. As an assertion, ffn] = f{«] + 1 is 
inconsistent. 

Combinations of Cases I and HI also occur. 

The last example is extreme, but there is no general method for 
deciding which recursive deflnltfeo^s are ©v%r*d^t«rHiined. Nor can we 
regard them as undesirable. The definition of apply given in §2. 4 is over- 
defined, and there is no way to avoid this. 

In §12. 4, we proved that all total recursive functions are represent - 
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able, although we cannot always decide what is a total recursive function. 
Suppose we call a partial function £ partially representable if it is possible 
to define a function name <f> in arithmetic sueh thart if $&«..., . .a ) is defined 
and has the value o^j. then AhPl» 1 ...»,a n .].gj^ 1 . 

Theorem 14. 1 

All partial recursive functions are partially representable. 
Proof: This is implicit in the proof of theorem 12. 9. The representing 
function described in that proof has the value NIL for those arguments for 
which the partial recursive function is undefined, but it may not be possible 
to compute this NIL. 

This method of representation is indirect, depending on the definition 
of an interpreter function applyk which itself is fairly complicated. The 
recursion theorem which follows is relevant to obtaining a direct transforma- 
tion of a recursive definition into arithmetic iWitfaout the, danger of inconsis- 
tency, and in a manner that allows us to prove logical assertions about the 
procedure itself. 

Problem 34 

Show that apply is over- determinedi 

§ 14. 2 The Recursion Theorem 

The notation mat we use here folows [Scott] in his work on lattice 
theory and programming languages, although we do not actually define a 
lattice. 

We introduce an object "i" called "bottom" or "undefined". Letting 
S be the set of s- expressions, Sj is the set S U (j-}. The symbol "£" 
meaning "is less than or equally defined than" is a binary operator on S 
defined by: xE X , iSa, and or£ a where tt is any s* expression. "E" is a 
partial ordering. 

The notion of equality on the domain S will be represented by the 
symbol "a". The symbol "=" will mean computational equality. "2=" is not 
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a computable predicate. The two equalities can be compared in the Following 
tabic, where a and # are distinct a -expression*: 

c d c=d c a d 



a a T T 

a ^ $ F F 

a x x F 

i a x F 

' x x j. T 

The predicates atom, name and num. and the functions cons are 
extended to the domain S in tike same manner as w **% by defining the value 
to be x if any argument is x. The functions etfunv stecc*ssor, predecessor, 

car and cdr are also extended to S. by €*finti^$lHB rvsMeTto be x if the argu- 
ment is x or if the value is not^eibted, ; ■*■;£.-;• 'iftsii^^l 1 *^,' ahd'cartA] = x. 
A function^ is called monotonic if a^^ f or 1 k i* ri implies that 

p(a ..... &)B ^(b. , . . . , b ), for all a. and b. in 8. . The basic functions 
i n i n ill 

mentioned in the preceding paragraph are all monotonic. 

The ordering "E" extends to functions by defining ^E^ it for all a J 
thru a n in S 1# ^ 1 <a J , . . . , a^S^Caj, ». ,„a n ^i 

Let {a . } be an infinite sequence of elements of S . . It is a monotonic 
sequence if a^ a. for is j. A sequence of function* §p) (a!4 having the 
same number of arguments) is a monotonic seottence if tP . % <&, for i s j. An 
upper bound for a sequence is an object such that any member of the sequence 
is "S" to it. A least upper bound for a sequence is an upper bound that is 
"E" to any other upper bound. 

Corollary 14.2 

Every monotonic sequence has a least upper bound. If each function 
in the monotonic sequence fep.} is itself a monotonic function, then the lub of 
the sequence is also a monotonic funotioB. 

A functional is a function that takes functions as arguments, i. e. , it 
has one or more domains that are themselves function spaces. The notation 
for functionals is a bit cumbersome. When we write ♦: (S^ -♦ S J, S n -• S., we 
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mean that * is a functional whose first argument is an n-ary function on S , 
whose 2nd thru n+l-th arguments are members of S , and whose value is in 
S r More complex possibilities exist, but this particular type of functional 
will be the only kind that we need to discuss here. Functional can be 
monotonic in the same way functions are, since all their argument and value 
domains are partially ordered. 

If # is a monotonic functional of the type mentioned above, and [(p.] is 
a monotonic sequence of n-ary functions, and a thru a are a fixed set of 

elements of S y then {%>., &1 , a n )} is a monotonic sequence in S y and 

therefore has a least upper bound. The functional * is said to be continuous 
if it is monotonic, and if for every monotonic sequence [<p.3, and every choice 



of a. in S, 
1 1 



lubf*^, aj a n )} ^ *(lub{<pj . aj ..... a n ) 

A fixpoint for the functional * is a function <p such that for every choice 
of &1 th*u a n in S r #(<p, a 1# . . . , a^ a <p(a r .... &n ). A least fixpoint for * is 
a fixpoint which is "5" to any other fixpoint. 

Theorem 14. 3 (Fixpoint Theorem ) 

If * is a continuous functional having one n-ary functional argument, 

and n ordinary arguments, then it has a least fixpoint which is monotonic. 

Proof: Define «p n by letting (ft n (a, ..... a ) 2= j. for all a. . Define <p , by 

u u 1 n 1 n+1 

letting <P n+1 (a 1 & n ) ^ *<<p n , a r . . . . a n >. We can show by induction that 

the sequence {<p J is monotonic because <p_E<P,, and if cp £<p .. then 
* 1 ^n ^n+1 

*n + l< a l'"-' a n )!B *«V a l a n )E *<*n + r a l V * «W a l» • • ' ' a n >' 

so v:, n+l EV n+2* Let V be tne lub of the sequence [<p.] . Because * is contin- 
uous. *<<p. &1 a n ) a* lub{*(«p., a r . . . , a n )} a» lubfo.^ a n >} ^ 

<p(a 1 ,...,a n ). So <p is a fixpoint for *. Now let 4> be any other fixpoint of *. 

<P =*. and if <p n B$, then V3 n+1 ( ai , . . . , a n > * •<*> n .a 1 . . . ..ajE*^, &1 

a n ) ~ WSj, . . . , a n ), or <P n+1 E^. By induction, <p.*=il> for all i, and so ^ is an 
upper bound for {<p.} . Since <p is the lub of {<pj. <p£0, and so <p is the least 
fixpoint of *. <p is a monotonic function because if a. Eb., then <p(a , . . . , 
a n > a *<<P. a x a n )E*( 9 , ^ b R ) * <p(b , . . . b )! 
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This proof of the fixpoint theorem has been an exercise in abstract 
algebra; it uses no properties of Sj other than that Sj is a partially ordered 
set having a least element, and such that every monotonic sequence has a 
lub. But the notions of monotonic and continuous are surprisingly useful in 
the theory of computation. We have already noted that the basic functions of 
computation are monotonic. In fact, any partial recursive function is mono- 
tonic because that simply means that supplying more information about the 
arguments of the function does not decrease the possibility that the function 
has a value. 

Let <p be a partial recursive function on S. We extend it to be a total 
function on Sj by letting the value be x wherever the value was previously 
undefined. <p may also have x as an argument, in which case the value will 
be x unless the argument is not needed in the computational process, and a 
value is obtained without it. By Church's thesis, there is an effective 
procedure that computes the value of <p whenever it is an s-expression, but 
may never terminate if the value is x. Let <p. be the function such that 
<p.(a r . . . , a n ) is defined by doing i amount of work on the computation of 
0(a 1# .... a n ), and returning the value if one is obtained, and being undefined 
otherwise. The sequence £<p.} is not uniquely determined unless we fix a 
particular procedure for computings, and specify an exact definition of work. 
But by merely postulating that every computation requires some finite amount 
of work, we see that every such sequence has <p as its lub. 

Let *(<p, a y . . . , a n ) be a functional. We would like to call * partial 
recursive if there is an effective procedure for computing it. But this 
requires that we specify how this procedure is to be given functions as argu- 
ments. If <p is a partial recursive function, then the problem is simplified. 
We simply give to the procedure * a procedure that computes <p, and require 
that the value be independent of which procedure for <p is used. But we do 
not wish to restrict the argument <jD of * to partial recursive functions only. 
So we invent the notion of an oracle which is like a black box, or an on-line 
intervention in a computational process. 

The purpose of an oracle is to simulate the effect of a partial 
recursive function even when it is not. A black box that gives the value of 
^"r • ' ' ' a n } when lt is def ined, and replies "x" when it is not defined does too 
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much, because when a recursive process does not terminate we are not 
generally told that; we simply wait for ever. On the other hand, a black box 
which gives the value of ^(a^ . . .. a R ) when it is defined, and hangs up forever 
if it is not defined, is insufficient, because we can run any process for a 
certain amount of time to see if it produces a value within that time. A 
workable idea is to make use of the notion of a function as a limit. So, given 
the function <f>, let ftp.} be any sequence of functions whose lub is '<p. Then an 
oracle for <f> is a black box that when interrogated about VAa., .". . . a ) for 
particular i, either produces a value or replies " J- ". 

We now define a partial recursive functional *<p, a , . . . , a ) as a 
functional for which there is an effective procedure which computes its value 
when given the arguments a., and an oracle for 9. If the value of * is "1", 
then the procedure is permitted not to terminate. Implicit in the idea that 
* is a function of <f>. and not of the particular oracle chosen to represent <p. is 
the requirement that the value of the computation is independent of the choice 
of oracle for <f>. 

Lemma 14. 4 

All partial recursive functionals are continuous. 
Proof: The symbol "1" never enters into an effective procedure. It is used 
in discussions about effective procedures to .mean that information is not 
available. A procedure can never contain "if x - 1, then . . . ". This is 
sufficient to make all effective procedures monotonic. * Now let a thru a 
be a particular choice of objects in S y and let {#.] be any monotonic sequence. 
In the following discussion *<<p, a^ , . . , a R ) is abbreviated to *#). 

Let <p be the lub of the sequence §pj. If *fy>) - x, then *(<p.) a= x for 
each i, since * is monotonic. So lub[*fo>*)} 2= *fy». if *ty>) - a where a is 
an s-expression, then since this computation is independent of the oracle used 
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One way to be sure toat the procedure does not act on the information "this 
argument is undefined" is to replace each individual argument with an oracle 
for a constant function #H based on a sequence ft,}. This sequence either 
produces the argument for some i, or it never does, and the argument is 

■^ In other words, the procedure has to work to obtain each argument, 
and it can never know if or when it will get the argument until it gets it. 
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for <fi, we can let the oracle be based on the sequence |p.}. Because a was 
computed by an effective procedure, it can only have interrogated the oracle 
a finite number of times. Let?, be ihe highest function in the sequence (?.} 
that was used. Consider the computation of ♦fa. ) where ?. is represented by 
an oracle using the sequence beginning with?, thru p^ and then being?, 
from there on. This computation must proceed exactly like the previous 6ne. 
because no function with an index greater than k Will ever be interrogated. 
So ♦ (?) * *< J p k )Elub{*^ i )}fi%4|py ^vvlttavriMmmi?. 

Theorem 14. 5 (Kleene' s Recursion Theorem) 

■ "" ; /. ' ' ' ' " ■ " ' " " ' " ' - ' . —' V""" ■■■■■■■■■■■■■■ '■ . v ■■ " ■ " ■■!■■■ ■■' ■■ ii ■ * , " » " ) < i ' ** ** * :"". ■ I '■■ " * ■ f it '■' » y **»» ■ ' 

livery partial recursive , functional has a least fjfepojut which is a 
partial recursive function. 

Proof: By lemma 14. 4, if ♦ is partial recursive, it is continuous. By 
theorem 14. 3, it then has a least fixpoint?. To show that? is partial 
recursive, consider the sequence |?.} in the proof of theorem 14. 3 of which ? 
is the lub. ? Q is partial recursive because it is rejpresented by the process 
that never produces a value. Suppose? is partial recursive. Then© + - is 
partial recursive because *> n+1 (a r . . . ; a^*!^, **'][?• • • . ^» **"* there are 
effective proceHure* for # n awl ♦. By If^K^eft^^^^^aire ^krtiai 
recursivej and so? is partial recursive i b%c'i&§i 0l»^in^ute4 by the 
procedure that tries all the ?.. : v t ^ 

§14.3 Applicaiion of the Recursion Theorem 
Consider a recursive definition: 

where € has no free variables other than the S~ and every function and 
predicate name in €, except for ?, is ^^^iifiiji^jil partial recursive. 
Then « is a partial recursive functional because it specifies a computation 
depending on the functional argument?, aftd <^'^%xj^fes^on 4r|f^ehts 5. 
thru % n . Furthermore, if "♦•" is replaced by »#'V tfeen wextefrv* the fixpoint 
equation for this functional. 

Unfortunately, the situation gets a bit messy here because there are 
various semantics that one can propose for the language of recursive " 
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definitions. The choice of semantics will determine what functional 
*(<p, iy ..., 5 R ) is specified by the form C. We shall briefly consider two of 
them here: # L is the functional specified by the LISP semantics described in 
Chapter Two. * c is the functional specified by the complete semantics, that 
is, the semantics that computes as much as is possible from the information 



/n 



available in «. The two semantics never produce, conflicting values, but *_ 
may produce a value where * L fails to do so, that is, S^E*^ There are 
two significant differences between the two: 

I: LISP evaluation uses call by value. This sometimes gets hang up 
because all arguments for a function must be prer evaluated, even if they are 
not needed for its computation. For example, the definition: 

f[m, n] ♦- [m = -» 1, T ■♦ f[m - i. f[m, n]]] 

computes in LISP a function that is 1 if m is 0, and i§ otherwise undefined. 
But the complete semantics uses call by name, which does not attempt to 
evaluate the inner f[m, n], and so does not get into an endless cycle. It 
computes the function which is 1 for all numeric arguments. This problem 
is discussed thoroughly in [Vuillemin}. 

II: LISP semantics specifies a left-to-right order of evaluation for 
conditionals and logical operators. For example, the definition: 

*[nj«- [f[n] = -»1,T -»1] 

computes the totally undefined function in LISP, but the constant function 
f[n] = 1 in the complete semantics. 

In LISP, the form ^ V c i S evaluated by first evaluating €.. If t 
has no value, then the expression is undefined. In the complete semantics, 
the expression is true if either branch is true. This point can be stated by 
means of the three valued truth tables for the operation "v", keeping in mind 
that the interpretation of "x" is "information not available'*, or "value 
unknown". (See tables at top of next page. ) 

Both of these tables are monotonic, a necessity for fhem to be com- 
putable. We might call the first one "we%k", and the second "strong" or 
"symmetric". We have chosen the word "complete" because of the property 
of semantic completeness which is the same as in logic. (From B we can 
deduce A V b without having to prove that A is true or false. ) The strong 
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truth tables are discussed in [Kleene, §64) in connection with partial recursive 
functions. His term for "monotonic" is "regular". 

Let us examine some recursive functional* and their fixpoints taken 
from [Manna and Vuillemin J. Consider the functional: 

♦ <<p,a,b)is fa » b« b+ l.T**e*fa>f*-l,b+lJJ] 

A fixpoint for * is a function <p such that ^(a, b) * ♦<•>, a, b) for every choice of 
a and b in Sy M +" and "-" are functions that are und«ftBted tor non-numerical 
arguments, or if the result of subtraction is negative. The nature of "*" is 
such that for the equation to be true, both sides must be the same number, or 
both must be undefined. Notice, also, that "■** used to the conditional 
expression is undefined if either argument is undefined. We now specify 
three functions, each of which is a fixpoint of * : 

<Py . a * 1 . 



*3 : 



if a i b then a + 1 else b - l 

if a ^ b and a - b is even, then a + 1 
else not defined 



A certain amount of investigation will convince one mat each of these is a fix- 
point. It can also be shown that ^ 3 ^ and^ 3 <ft 2 . <p 3 is in fact the least 
fixpoint of ♦. 



ij 
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We now extend the theory A of Chapter Eleven to be a theory A about 
the model Sj which is the s -expressions with the added object "i", and the 
definitions of the basic functions extended appropriately. However, we shall 
not use *V, "£" or "*" anywhere in the language of the theory, because they 
are not computable. 

The variables beginning with r thru z range over s- expressions, while 
variables beginning with a, b and c range over S y The axioms of group H 
are now needed because we admit to the possibility of their being something 
that *££©* an s-expression. In this theory, listfx^ x is a theorem, but 
Ust[a]jf a is not, because of the counter-example consfx, NIL J* ±. 

Specifically, we have axiomatized the theory: pf s-expressions so as to 
admit the possibility that there might be things that are not s-expressions. 
But we have not axiomatized S a particularly? we simply note that S is one 
model that satisfies the theory A r . 

Consider the recursive definition f[a}* f[aj + 1. Its least fixpoint is 
the totally undefined function. Since this is a "total' 1 function on the domain 
Sj. the equation f[a] = f[a] + 1 is satisfiable in S y and ho inconsistency 
results from it. The instantiation f [3 ] = f{3 ) + 1 is satisfied because 
i5i+1 ' and "=" approximates "W! to the extent that it is computable. One 
cannot derive = 1 from this formula, because if we start from the theorem 
m = m+l=0-l (which is provable), we find that replacing m with f[3] is 
not a valid substitution because f[3] is not a numeric typed term. 

Partial Recursion Schema 

If fP is a new name, then the transformation of the recursive 
definition <p[x v . . . . xj •- € into a set of formulas of Aj may be 
used as a definition for ^. 

Not only is this rule consistent, but it makes all partial recursive 
functions partially representable, and all total recursive functions represent- 
able in a direct manner. We present the following theorem without proof 
because there is too much detail that we have not completed; it is not difficult 
conceptually. 

Theorem 14.6 (Partial Representation) 

Let the function name (p be defined in- A by the partial recursion 
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schema, where all the other function and predicate names in the schema are 

already defined and (partially) representable. Then £(or, , . . . »a ) = , , 
^ in n+i 

where <fi is the least fixpoint of € in the complete semantics, if and only if 

A i*BV<...° n l=«W 

This theorem is the justification for the "completeness" of this 
particular choice of semantics. 

If a function <p has been defined by the partial recursion schema, we 
may be able to demonstrate that it is a total recursive function by proving the 
formula 3y(<p[x r . . . , x n ] = y). This also allows us to assert that the function 
ip is a well-typed s -expression valued function. Other totality and type 
information may be developed similarly. One may be able to prove 
a n (<P[x, m] = n), which types <p as a total numeric -valued function having an 
s -expression argument and a numeric argument. If one can prove 
0M => 3y(<p[x] = y), then one has shown that <p is defined at least for those 
values where 4>[x] is true. 

It is not possible to prove the totality of all total recursive functions 
in this manner, since this would make "total" recursively enumerable. But 
it is possible in many cases. In particular, it is always possible to prove 
that primitive recursive definitions define total recursive functions. (The 
argument is by induction. ) 

One word of caution on this schema. The model S introduces "x" 
into the domain, but not into the logic itself. The model is still a model of 
standard two-valued first order logic. So while the recursion schema permits 
replacement of "♦-" with "=", it would be inconsistent to replace "♦-" with "■". 
p[x] = -tp[x] is inconsistent in the present system, although one could develop 
a three-valued logic. 

The recursion theorem can be stated in a multi- dimensional form 
which is that given the set of equations: 

*1 ( <°1 <V 5 1 5 n 1 )a: ^l (5 l"--» 5 n 1 ) 

• ■ • 

Vi «v § i v s ' kl!i V 

where the *. are partial recursive, there is a set of least fixpoints <p thru 2 
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which are partial recursive. This conveniently corresponds to the program- 
mer's habit of defining recursive functions in interdependent batches. The 
partial recursion schema may be extended to permit this. 

Problem Set 35 

1. Investigate the work of Vuillemin, and the Oxford Group, to see 
how the recursion theorem is used in the study of the semantics of program- 
ming languages. How do they deal with the problem of the computed function 
of LISP and ALGOL being less than the semantiqally complete fixpoint? 

2. Extend the syntax of first order logic to allow conditionals used 
either as logical connectives, or choice functions within terms, so that con- 
ditionals can be nested inside each other. Add transformation rules that are 
consistent, and make this logic complete sema«iica»yv Theorem 14. 6 is 
now trivial to prove. 
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CHAPTER FIFTEEN 
SECOND ORDER ARITHMETIC AND SET THEORY 



§ 15. 1 Second Order Arithmetic 

Starting with the system A presented in Chapter Twelve, we can 
develop a second order theory of s-expressions. The model for this theory 
has as its domain the set S U {S }, i. e. , there will be both s-expressions and 
sets of s-expressions in the domain. Set variables will begin with a capital 
R, S or T, and be followed by at least one lower case letter. 

The basic predicate of set theory is membership. In second order 
arithmetic, things that are members are s-expressions, and things that have 
members are sets. So: 

a € b ^ (sexprfa] a set[b]) 

The principle of extensionality is that two sets are equal if they have 
the same members: 

EXT: Vx(x 6 Sa = x € Sb) => Sa = Sb 

The principle of comprehension is that there is a set to correspond to 
every property definable in the theory, or: 

COMP: 3SaVx(x€ Sa ■ a) 

where a is any formula not having the variable Sa free. 

From the extensionality axiom, one can prove that the existential 
quantifier in the comprehension axiom schema is unique, i.e., 3..SaVx(x € Sa = 
a). 

The induction axiom schemas of first order arithmetic can be replaced 
by single formulas in second order arithmetic: 
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NIND: e Sa => Vn(n € Sa 3 n ' € Sa) => m( n 6 Sa) 

SIND: Vx(atom[x] => x € Sa) = Wiy{x € Sa = y 6 Sa 3 x*y 6 Sa) => 
<.Vx(x€.Sa) 

Together with the axioms of A. these are the axioms for second order arith- 
metic, A . 

We can define certain classes of sets, and even given them special 
variable types that are sub-types P f the |ype "jet". The most obvious one is 
the set of numbers. We define the type "nset" by: 

nsetfSa] ■ tfr(x 6 Sa => nujnfcj) 
Variables of type "nset" will start with a capi^l N. such as Na, Nb, etc. 
The least number principle can be state <| as a single axiom: 
3n(n 6 Na) p. S^n € NaA%^„ € Na ,a> n « m )) 

First order functions and predicates can be represented as individual 

sets in second order arithmetic. If ^isHfc m%ry predicate on the s-expres- 

sions. then it is represented by the set containing only lists of length m. and 

such that^atfcj, . , . ,<y i» a member of the *« jfeTwidtmly *f ftffj, . . . : t or ) is 

true. If «p is an n-ary function on s- expressions, then it is represented by a 

set containing only lists whose length is n+1, and such that listfa a 

^ n*t~l * i * • • • * 

a n ] is a member of the set if and only if «K«^ ..o^) = V + j. Putting the 

value first is a matter of Gonvenjanee. It is easy to make definitions such as: 
Parfun3[Sa J « <Vx(x € Sa p s4fx]) a Wfyx € Sa 3 y € Sa => cdr fxl = 

Totfun3[Sa] - (Parfun3[Sa] A Vx(83[xJ => 3y<y*x € Sa)*) 

Parfun and Totfun are second order predicates. @\nim*ly. oiie can continue 
to make specific definitions of functions an<| predicates having such and such 
numeric or symbolic arguments and values. 

There are second order functions -or functfonals which process first 
order functions and might be called combin^CfSPf first order functions. 
These are abstract, rather than procedural 9^^^ not correspond 

to recursive processe^necessarily. For example, given the unary partial 
functions $ y and ? & , there is the partial tj^mS^Ja)). ; Xhesecond 
order function Gompose(Sa, Sb) has this composition function as its value. It 
is trivial to prove: 
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ParfunlfSa] 3 Parfunl[Sb] = 3 1 Sc(parfunl[Sc] A VxVy(list[x, yj € Sc ■ 
az(list[z, y] € Sa A listfx, z] € Sb)» 

Using Rule PF, we define this unique Sc to be Compose[Sa, Sb]. 

Corresponding to any procedure for computing a first order partial 
recursive function, is the set which is the function it computes. We can call 
this the extension of the procedure. Trivially: 

3 1 SaVy(y € Sa = a z 3w3n(applyk[x, z.nj = list[w] A y = w*z» 

Using Rule F, we define this unique Sa to be Extension[x]. 

It is possible to define an ordinary first order recursive function 
pcompose such that if x and y are s- expression translations of procedures for 
unary partial recursive functions, pcompose [x, y] will be a procedure for 
computing the composition of the two functions. Then for any such x and y 
the following identity holds: 

Extension [pcompose[x, y]] = Compose[Extension[x}, Exteneion{y]] 

It is even possible to define an abstract Apply by: 

3 iy (y*x € Sa) 3 ApplyfSa, x]*x € Sa Rule PF 

This second order function applies any function (represented by a set) to its 
list of arguments, and produces a value (abstractly). The evaluation of a 
partial recursive function by an interpreter coincides with a special case of 

this in the sense that: 

3n(applyk[x, y, n] = list{z]) ^ Apply [Extensionfx], y] * z 

The purpose of this discussion has been to show that a much larger 
number of situations can be discussed very precisely in second order arith- 
metic than in first order. This is done at the expense of making the dis- 
cussion abstract, in that the entities being discussed are no longer construct - 
able. It seems as though any mathematical discussion cannot realistically 
be kept at the first order level. When we want to go beyond the second level, 
we can either explicitly formulate third order and fourth order arithmetic, 
etc. , or we can go into axiomatic set theory. 

Problem Set 35 

1. Show that there are formulas of first order logic that are not prov- 
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able in first order logic, but are provable in second order logic. 

2. Prove that second order logic is incomplete. 

3. Define the functions Union, Intellection 4 **** Complement (with 
respeet to the set of s-e*pre»sionsK Bnien, fbr e*intpl*i ^ira fttrititton of 
two arguments which are sets, and the «W!mf1M t&e^e*wn4efc is their union: 

4. What is an impredicative definition? • •••'How- does th*s axiom schenia 
COM P avoid imp redicative definitions? u t= ; 

§15.2 Axiomatic Set Thoery 

There are basically two styles of axiomatic set theory. Zermelo- 
Fraenkel (ZF) set theory is a theory about sels only; wfiiie von Neumann i- ' 
Bernays-C&def'(N^G) se^ which 

are universal objects that are too big toWcSii^iwis.'"" ZP has axiom 
schemas giving rise to infinitely many ^mldlvfduar axioms, "while NRG is finitely 
axiomatized. For the reader wishing an introduction to set theory, 
[Shoenfield, Chapter 9] discusses ZF, and [Mendelson. Chapter 4] discusses 
NBG. Set theory is discussed informally, that is. without reference to an 
axiomatization in first order logic, in [Halmos]. 

Two of the important concepts developed in set theory are cardinality, 
and ordinality. We are using the concept of cardinality when we investigate 
second order arithmetic and mention higher arithmetic. One of the principles 
of set theory is that, given any set. there is the set of all subsets of that set 
(known as the power set) which is of higher cardinality than the original set. 
So when set theory axioms are added to arithmetic, we automatically get sets 
of s-expressions, sets of sets of s- expressions, etc. Axiomatic set theory, 
as it is commonly presented, is abstract in that the only basis for construct- 
ing sets is the empty set. But it is easy to merge the axioms of set theory 
with an existing theory such as first order arithmetic. 

The other major concept of set theory is ordinality. We have hardly 
mentioned ordinal numbers in this book, yet the theory of ordinals enriches 
the study of recursive functions, and axiom systems at almost every level. 

There is a whole hierarchy of ordinal numbers even when we restrict 
ourselves to countable ordinals - those having the lowest infinite cardinality. 
The smallest transfinite ordinal is called «o. There is the sequence <*, «*+ 1, 
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u> + 2, . , . , and an ordinal u> x 2 that is greater than any of these. There is 
the sequence <*) x 2, oo x 2 + l, . . . , and the o«££»aJt#t x 3 which is greater than 
these. The ordinal ur ia greater than any ordinal Ja .the., sequence H wx2, 
u) x 3, etc. AU of these and many n«>re are still countable. 

Ordinals are the natural mathematical strucfeire for representing the 
idea of transcendence. For example, Godel's theorem allows us to find a 
formula independent of a certain axiom system. This can he repeated 
ad infinitum, but even after adding infinitely many axioms, we can still find 
an independent formula, and after adding sequences of sequences of new 
axioms, we still find that we can obtain an ^dependent formula. The 
unsuccessful effort to finally complete the axiom system leads naturally tQ 
Kleene's concept of a constructive ordinal. 
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"There is a great wind coming whose electrical storm shall be felt 
for the duration of the century, " Samdup mused raising hie dark eyebrows 
and staring out meditatively at the ominous sky. 

"Humanity shall become possessed oy its technology, " Martha agreed, 
handing Mycroft the gramophone recordings of the German Embassy, the 
keys to the one hundred horsepower Benz, and the telephone number of the 
real Von Herling who remained in his holt* room tied uj^with his telephone 
cord, 75 : ;'/ 

"Good grief, " she continued, as her voice changed from a Suffolk to 
a New Jersey accent, "even the opera itself will vanish and people shall 
listen to recorded music at home. " Smiling at Sherlock, she took off her 
old lady's grey *fc a«f Iter beautiful long red hair attainted down her 
shoulders. "We are our own machines, and all of the powers of the universe 
are within us. " 

-The Adamantine Sherlock Holmes- 
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